CVSS: 7.5EPSS: 0%CPEs: 61EXPL: 0CVE-2015-8560 – cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
https://notcve.org/view.php?id=CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.4.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a través de un carácter ; (punto y coma) en un trabajo de impresión, una vulnerabilidad diferente a CVE-2015-8327. It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419 http://rhn.redhat.com/errata/RHSA-2016-0491.html http://www.debian.org/security/2015/dsa-3419 http://www.debian.org/security/2015/dsa-3429 http://www.openwall.com/lists/oss-security/2015/12/13/2 http://www.openwall.com/lists/oss-security/2015/12/14/13 http://www.oracle.com/technetwork/topics/security/linuxbull • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 64EXPL: 0CVE-2015-8327 – cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
https://notcve.org/view.php?id=CVE-2015-8327
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a través de caracteres ` (acento grave) en un trabajo de impresión. It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html http://rhn.redhat.com/errata/RHSA-2016-0491.html http://www.debian.org/security/2015/dsa-3411 http://www.debian.org/security/2015/dsa-3429 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/78524 htt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 0CVE-2015-3279 – cups-filters: texttopdf integer overflow
https://notcve.org/view.php?id=CVE-2015-3279
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. Desbordamiento de enteros en filter/texttopdf.c en texttopdf en cups-filters antes de 1.0.71, que permite a atacantes remotos provocar una denegación de servicio (colapso) o la posibilidad de ejecutar código arbitrario por medio de una línea larga que contiene caracteres anchos manipulada en un trabajo de impresión, lo que desencadena un desbordamiento del buffer basado en memoria dinámica. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://rhn.redhat.com/errata/RHSA-2015-2360.html http://ubuntu.com/usn/usn-2659-1 http://www.debian.org/security/2015/dsa-3303 http://www.openwall.com/lists/oss-security/2015/07/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0CVE-2015-3258 – cups-filters: texttopdf heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-3258
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. Desbordamiento del buffer basado en memoria dinámica en la función WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegación de servcio (colapso) o la posibilidad de ejecutar código arbitrario a través de una línea larga que contiene caracteres anchos en una tarea de impresión. A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://rhn.redhat.com/errata/RHSA-2015-2360.html http://ubuntu.com/usn/usn-2659-1 http://www.debian.org/security/2015/dsa-3303 http://www.openwall.com/lists/oss-security/2015/06/26/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75436 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2015-2265
https://notcve.org/view.php?id=CVE-2015-2265
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. La función remove_bad_chars en utils/cups-browsed.c en cups-filters anterior a 1.0.66 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell consecutivos en el (1) modelo o (2) PDL. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2707. • http://advisories.mageia.org/MGASA-2015-0132.html http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:196 http://www.ubuntu.com/usn/USN-2532-1 https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •