CVE-2014-2707: OS Command Injection in Cups-filters

CWE-78: OS Command Injection | 14 documents | 8 sources
Severity: 8.3 HIGH (NVD)
EPSS: 1.3% (top 19.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 17
Latest update: May 17

Description

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

CVSS vector

AV:A/AC:L/C:C/I:C/A:C
Exploitability: 6.5 | Impact: 10.0

Affected Packages (3 packages)

Debian: linuxfoundation/cups-filters < 1.0.51-1+3
Ubuntu: linuxfoundation/cups-filters < 1.0.52-0ubuntu1.1
NVD: linuxfoundation/cups-filters, 10 versions +9

🔴 Vulnerability Details (4)

GHSA
GHSA-cc2p-9m5r-9hc8: cups-browsed in cups-filters 1 | 2022-05-17
OSV
cups-filters vulnerability | 2014-05-08
OSV
CVE-2014-2707: cups-browsed in cups-filters 1 | 2014-04-17
CVEList
CVE-2014-2707: cups-browsed in cups-filters 1 | 2014-04-17

📋 Vendor Advisories (5)

Red Hat
cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707) | 2015-02-26
Ubuntu
cups-filters vulnerability | 2014-05-08
Red Hat
cups-filters: incomplete fix for CVE-2014-2707 | 2014-04-23
Red Hat
cups-filters: remote command injection in cups-browsed | 2014-04-01
Debian
CVE-2014-2707: cups-filters - cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to ... | 2014

💬 Community (4)

Bugzilla
CVE-2015-2265 cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707) | 2015-03-05
Bugzilla
cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707) [fedora-all] | 2015-03-05
Bugzilla
CVE-2014-4336 cups-filters: incomplete fix for CVE-2014-2707 | 2014-04-25
Bugzilla
CVE-2014-2707 cups-filters: remote command injection in cups-browsed | 2014-04-02