11 results (0.016 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. • https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 https://www.cups.org https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I https://github.com/RickdeJager/cupshax https://github.com/h2g2bob/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. • https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK https://security.gentoo.org/glsa/202401-06 https:/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 0

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. Desbordamiento de enteros en filter/texttopdf.c en texttopdf en cups-filters antes de 1.0.71, que permite a atacantes remotos provocar una denegación de servicio (colapso) o la posibilidad de ejecutar código arbitrario por medio de una línea larga que contiene caracteres anchos manipulada en un trabajo de impresión, lo que desencadena un desbordamiento del buffer basado en memoria dinámica. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://rhn.redhat.com/errata/RHSA-2015-2360.html http://ubuntu.com/usn/usn-2659-1 http://www.debian.org/security/2015/dsa-3303 http://www.openwall.com/lists/oss-security/2015/07/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. Desbordamiento del buffer basado en memoria dinámica en la función WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegación de servcio (colapso) o la posibilidad de ejecutar código arbitrario a través de una línea larga que contiene caracteres anchos en una tarea de impresión. A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://rhn.redhat.com/errata/RHSA-2015-2360.html http://ubuntu.com/usn/usn-2659-1 http://www.debian.org/security/2015/dsa-3303 http://www.openwall.com/lists/oss-security/2015/06/26/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75436 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. La función remove_bad_chars en utils/cups-browsed.c en cups-filters anterior a 1.0.66 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell consecutivos en el (1) modelo o (2) PDL. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2707. • http://advisories.mageia.org/MGASA-2015-0132.html http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:196 http://www.ubuntu.com/usn/USN-2532-1 https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •