VYPR
Vendor

Openprinting

Products
12
CVEs
110
Across products
119
Status
Private

Products

12

Recent CVEs

110
View all 110 CVEs →
  • CVE-2010-2941CriNov 5, 2010
    risk 0.64cvss 9.8epss 0.06

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP…

  • CVE-2004-2154CriDec 31, 2004
    risk 0.64cvss 9.8epss 0.02

    CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

  • CVE-2018-6553HigAug 10, 2018
    risk 0.57cvss 8.8epss 0.00

    The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10,…

  • CVE-2014-8166HigJan 12, 2018
    risk 0.57cvss 8.8epss 0.04

    The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

  • CVE-2009-0949HigJun 9, 2009
    risk 0.53cvss 7.5epss 0.20

    The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive…

  • CVE-2008-5183HigNov 21, 2008
    risk 0.52cvss 7.5epss 0.09

    cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging…

  • CVE-2024-47850HigOct 4, 2024
    risk 0.49cvss 7.5epss 0.01

    CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be…

  • CVE-2010-0302HigMar 5, 2010
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or…

  • CVE-2002-1372HigDec 26, 2002
    risk 0.49cvss 7.5epss 0.03

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not…

  • CVE-2026-34990HigApr 3, 2026
    risk 0.44cvss 7.8epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local…

  • CVE-2026-34980HigApr 3, 2026
    risk 0.42cvss 7.5epss 0.01

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without…

  • CVE-2026-34978MedApr 3, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes…

  • CVE-2026-34979MedApr 3, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there…

  • CVE-2026-27447MedApr 3, 2026
    risk 0.24cvss 4.8epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The…

  • CVE-2026-41079MedApr 24, 2026
    risk 0.21cvss 4.3epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer.…

  • CVE-2026-39316MedApr 7, 2026
    risk 0.19cvss 4.0epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted.…

  • CVE-2026-39314MedApr 7, 2026
    risk 0.19cvss 4.0epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by…

  • CVE-2024-47176Sep 26, 2024
    risk 0.10cvss epss 0.62

    CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from…

  • CVE-2024-47076Sep 26, 2024
    risk 0.09cvss epss 0.83

    CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5`…

  • CVE-2024-47175Sep 26, 2024
    risk 0.06cvss epss 0.73

    CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as…