CVE-2015-8560Command Injection in Cups-filters

CWE-77Command Injection11 documents8 sources
Severity
7.3HIGHNVD
CNA7.5OSV7.5
EPSS
10.8%
top 6.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Foomatic-filtersLinuxfoundation Cups-filtersCanonical Ubuntu Linux+2 more
Timeline
PublishedApr 14
Latest updateMay 14

Description

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

Debianlinuxfoundation/cups-filters< 1.4.0-1+3
NVDlinuxfoundation/cups-filters38 versions+37

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

3
GHSA
GHSA-rcfc-82wc-2wjm: Incomplete blacklist vulnerability in util2022-05-14
OSV
CVE-2015-8560: Incomplete blacklist vulnerability in util2016-04-14
CVEList
CVE-2015-8560: Incomplete blacklist vulnerability in util2016-04-14

📋Vendor Advisories

4
Ubuntu
foomatic-filters vulnerability2015-12-16
Ubuntu
cups-filters vulnerability2015-12-16
Red Hat
cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character2015-12-12
Debian
CVE-2015-8560: cups-filters - Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0...2015

💬Community

3
Bugzilla
CVE-2015-8560 foomatic: cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character [fedora-all]2015-12-14
Bugzilla
CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character [fedora-all]2015-12-14
Bugzilla
CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character2015-12-14
CVE-2015-8560 — Command Injection in Cups-filters | cvebase