CVE-2025-58364 — Improper Input Validation in Cups

CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

6.5MEDIUMNVD

CNA5.3OSV8.0OSV5.3

EPSS

0.1%

top 67.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openprinting Cups Apple Cups

Timeline

PublishedSep 11

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On sy…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5openprinting/cups< 2.4.13

▶NVDopenprinting/cups< 2.4.13

▶Debianapple/cups< 2.3.3op2-3+deb11u10+3

▶Ubuntuapple/cups< 2.4.1op1-1ubuntu4.12+4

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

cups: Remote DoS via null dereference↗2025-09-11

▶

OSV

CVE-2025-58364: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems↗2025-09-11

▶

OSV

cups vulnerabilities↗2025-09-11

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2025-09-11

▶

Red Hat

cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS↗2025-09-11

▶

Microsoft

cups: Remote DoS via null dereference↗2025-09-09

▶

Debian

CVE-2025-58364: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...↗2025

▶