Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cups\-Filters
(Linuxfoundation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-07-14 | CVE-2015-3258 | Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | Ubuntu_linux, Debian_linux, Cups\-Filters | N/A | ||
| 2016-04-14 | CVE-2015-8560 | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | Ubuntu_linux, Debian_linux, Cups\-Filters, Foomatic\-Filters | 7.3 | ||
| 2015-12-17 | CVE-2015-8327 | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | Ubuntu_linux, Debian_linux, Cups\-Filters, Foomatic\-Filters, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A | ||
| 2015-07-14 | CVE-2015-3279 | Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Cups\-Filters | N/A | ||
| 2015-03-24 | CVE-2015-2265 | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | Ubuntu_linux, Cups\-Filters | N/A | ||
| 2014-06-22 | CVE-2014-4338 | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | Cups\-Filters | N/A | ||
| 2014-06-22 | CVE-2014-4337 | The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. | Cups\-Filters | N/A | ||
| 2014-06-22 | CVE-2014-4336 | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | Cups\-Filters | N/A | ||
| 2014-04-17 | CVE-2014-2707 | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | Cups\-Filters | N/A | ||
| 2014-03-14 | CVE-2013-6476 | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | Ubuntu_linux, Debian_linux, Fedora, Cups\-Filters | N/A |