CVE-2011-2697: Improper Input Validation in Foomatic-filters

Severity: 6.8 MEDIUM (NVD)
EPSS: 5.4% (top 9.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 29
Latest update: May 17

Description

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

debian: debian/hplip < foomatic-filters 4.0 (bookworm)
debian: debian/foomatic-filters < foomatic-filters 4.0.9-1 (bookworm) +1

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-hc8g-chpw-24wx: foomaticrip (2022-05-17)
GHSA: GHSA-fwm5-c4jq-p4wv: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3 (2022-05-17)
OSV: CVE-2011-2964: foomaticrip (2011-07-29)
OSV: CVE-2011-2697: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3 (2011-07-29)

📋 Vendor Advisories (5)

Ubuntu: Foomatic filters vulnerabilities (2011-08-22)
Red Hat: foomatic: Improper sanitization of command line option in foomatic-rip (2011-06-07)
Red Hat: foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c) (2011-06-07)
Debian: CVE-2011-2964: foomatic-filters - foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remot... (2011)
Debian: CVE-2011-2697: foomatic-filters - foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote... (2011)

💬 Community (2)

Bugzilla: CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c) (2011-08-01)
Bugzilla: CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip (2011-07-13)