CVE-2011-2964 — Code Injection in Foomatic-filters

CWE-94 — Code Injection9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

19.9%

top 4.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foomatic-filters Debian Foomatic-filters Linuxfoundation Foomatic

Timeline

PublishedJul 29

Latest updateMay 17

Description

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/foomatic-filters< foomatic-filters 4.0.9-1 (bookworm)

▶Debianfoomatic-filters/foomatic-filters< 4.0.9-1+3

▶NVDlinuxfoundation/foomatic4.0.6

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-hc8g-chpw-24wx: foomaticrip↗2022-05-17

▶

OSV

CVE-2011-2964: foomaticrip↗2011-07-29

▶

📋Vendor Advisories

Ubuntu

Foomatic filters vulnerabilities↗2011-08-22

▶

Red Hat

foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)↗2011-06-07

▶

Debian

CVE-2011-2964: foomatic-filters - foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remot...↗2011

▶

💬Community

Bugzilla

CVE-2011-2964 foomatic: Improper sanitization of command line option in foomatic-rip (foomatic.c)↗2011-08-01

▶

Bugzilla

CVE-2011-2697 foomatic: Improper sanitization of command line option in foomatic-rip↗2011-07-13

▶

Bugzilla

CVE-2011-2964 foomatic (foomatic-filters/foomatic-rip): Improper sanitization of "files to be printed" command line option [fedora-all]↗2011-07-13

▶