rpm package
opensuse/cups-filters&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cups-filters&distro=openSUSE%20Tumbleweed
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47850 | High | 7.5 | | < 1.28.17-5.1 | 1.28.17-5.1 | Oct 4, 2024 | CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be use |
| CVE-2024-47175 | — | | | < 1.28.17-5.1 | 1.28.17-5.1 | Sep 26, 2024 | CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPr |
| CVE-2024-47076 | — | | | < 1.28.17-5.1 | 1.28.17-5.1 | Sep 26, 2024 | CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` fu |
| CVE-2024-47176 | — | | | < 1.28.17-5.1 | 1.28.17-5.1 | Sep 26, 2024 | CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any |
| CVE-2023-24805 | — | | | < 1.28.15-3.1 | 1.28.15-3.1 | May 17, 2023 | cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote co |
| CVE-2015-8560 | High | 7.3 | | < 1.8.2-1.11 | 1.8.2-1.11 | Apr 14, 2016 | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8 |
| CVE-2015-8327 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Dec 17, 2015 | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. |
| CVE-2015-3279 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jul 14, 2015 | Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. |
| CVE-2015-3258 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jul 14, 2015 | Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. |
| CVE-2015-2265 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 24, 2015 | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014 |
| CVE-2014-4338 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jun 22, 2014 | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. |
| CVE-2014-4337 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jun 22, 2014 | The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. |
| CVE-2014-4336 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jun 22, 2014 | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2 |
| CVE-2014-2707 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Apr 17, 2014 | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." |
| CVE-2013-6476 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 14, 2014 | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. |
| CVE-2013-6475 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 14, 2014 | Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. |
| CVE-2013-6474 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 14, 2014 | Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2013-6473 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 14, 2014 | Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. |