rpm package
opensuse/cups&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cups&distro=openSUSE%20Tumbleweed
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41079 | Med | 4.3 | < 2.4.19-2.1 | 2.4.19-2.1 | Apr 24, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. Th | |
| CVE-2026-39316 | Med | 4.0 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 7, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() | |
| CVE-2026-39314 | Med | 4.0 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 7, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by su | |
| CVE-2026-34990 | Hig | 7.8 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local . | |
| CVE-2026-34980 | Hig | 7.5 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentica | |
| CVE-2026-34979 | Med | 5.3 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are | |
| CVE-2026-34978 | Med | 6.5 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outsid | |
| CVE-2026-27447 | Med | 4.8 | < 2.4.17-1.1 | 2.4.17-1.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulne | |
| CVE-2025-58436 | — | < 2.4.16-1.1 | 2.4.16-1.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl | ||
| CVE-2025-61915 | — | < 2.4.16-1.1 | 2.4.16-1.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse | ||
| CVE-2025-58364 | — | < 2.4.14-1.1 | 2.4.14-1.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a | ||
| CVE-2025-58060 | — | < 2.4.14-1.1 | 2.4.14-1.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This | ||
| CVE-2024-35235 | — | < 2.4.8-1.1 | 2.4.8-1.1 | Jun 11, 2024 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary | ||
| CVE-2023-4504 | — | < 2.4.2-7.1 | 2.4.2-7.1 | Sep 21, 2023 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | ||
| CVE-2023-32360 | — | < 2.4.2-7.1 | 2.4.2-7.1 | Jun 23, 2023 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. | ||
| CVE-2023-34241 | — | < 2.4.2-6.1 | 2.4.2-6.1 | Jun 22, 2023 | OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should hav | ||
| CVE-2023-32324 | — | < 2.4.2-5.1 | 2.4.2-5.1 | Jun 1, 2023 | OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote at | ||
| CVE-2022-26691 | — | < 2.4.2-1.1 | 2.4.2-1.1 | May 26, 2022 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | ||
| CVE-2021-25317 | — | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | May 5, 2021 | A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root wit | ||
| CVE-2020-10001 | — | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Apr 2, 2021 | An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. |
- affected < 2.4.19-2.1fixed 2.4.19-2.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. Th
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters()
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by su
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local .
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentica
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outsid
- affected < 2.4.17-1.1fixed 2.4.17-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulne
- CVE-2025-58436Nov 29, 2025affected < 2.4.16-1.1fixed 2.4.16-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl
- CVE-2025-61915Nov 29, 2025affected < 2.4.16-1.1fixed 2.4.16-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse
- CVE-2025-58364Sep 11, 2025affected < 2.4.14-1.1fixed 2.4.14-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a
- CVE-2025-58060Sep 11, 2025affected < 2.4.14-1.1fixed 2.4.14-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This
- CVE-2024-35235Jun 11, 2024affected < 2.4.8-1.1fixed 2.4.8-1.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary
- CVE-2023-4504Sep 21, 2023affected < 2.4.2-7.1fixed 2.4.2-7.1
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
- CVE-2023-32360Jun 23, 2023affected < 2.4.2-7.1fixed 2.4.2-7.1
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.
- CVE-2023-34241Jun 22, 2023affected < 2.4.2-6.1fixed 2.4.2-6.1
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should hav
- CVE-2023-32324Jun 1, 2023affected < 2.4.2-5.1fixed 2.4.2-5.1
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote at
- CVE-2022-26691May 26, 2022affected < 2.4.2-1.1fixed 2.4.2-1.1
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
- CVE-2021-25317May 5, 2021affected < 2.3.3op2-4.2fixed 2.3.3op2-4.2
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root wit
- CVE-2020-10001Apr 2, 2021affected < 2.3.3op2-4.2fixed 2.3.3op2-4.2
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
Page 1 of 3