Debian Cups vulnerabilities
133 known vulnerabilities affecting debian/cups.
Total CVEs: 133
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 27, MEDIUM 56, LOW 37
Vulnerabilities
Page 1 of 7
CVE-2026-34990 | MEDIUM | CVSS 5.0 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker c

CVE-2026-34980 | MEDIUM | CVSS 6.1 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves a

CVE-2026-34978 | MEDIUM | CVSS 6.5 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-w

CVE-2026-34979 | MEDIUM | CVSS 5.3 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.
Scope: local
bookworm: open
bullseye: open
forky: open
si

CVE-2026-39314 | MEDIUM | CVSS 4.0 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the u

CVE-2026-39316 | MEDIUM | CVSS 4.0 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions

CVE-2026-27447 | MEDIUM | CVSS 4.8 | 2026
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations

CVE-2025-58060 | HIGH | CVSS 8.0 | fixed in cups 2.4.2-3+deb12u9 (bookworm) | 2025
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not

CVE-2025-58364 | MEDIUM | CVSS 5.3 | fixed in cups 2.4.2-3+deb12u9 (bookworm) | 2025
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed

CVE-2025-58436 | MEDIUM | CVSS 5.1 | fixed in cups 2.4.15-1 (forky) | 2025
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
Scope: local
bookworm: open
bullsey

CVE-2025-61915 | MEDIUM | CVSS 6.0 | fixed in cups 2.4.15-1 (forky) | 2025
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2

CVE-2024-47175 | HIGH | CVSS 8.6 | PoC | fixed in cups 2.4.2-3+deb12u8 (bookworm) | 2024
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Fo

CVE-2024-35235 | MEDIUM | CVSS 4.4 | fixed in cups 2.4.2-3+deb12u6 (bookworm) | 2024
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given tha

CVE-2023-4504 | HIGH | CVSS 7.0 | fixed in cups 2.4.2-3+deb12u2 (bookworm) | 2023
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Scope: local
bookworm: resolved (fixed in 2.4.2-3+deb12u2)
bullseye: resolved (fixed in 2.3.3op2-3+deb1

CVE-2023-32324 | HIGH | CVSS 7.5 | fixed in cups 2.4.2-3+deb12u1 (bookworm) | 2023
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be tri

CVE-2023-32360 | MEDIUM | CVSS 5.5 | fixed in cups 2.4.2-3+deb12u2 (bookworm) | 2023
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.
Scope: local
bookworm: resolved (fixed in 2.4.2-3+deb12u2)
bullseye: resolved (fixed in 2.3.3op2-3+deb11u4)
forky: resolved (fixed in 2.4

CVE-2023-34241 | MEDIUM | CVSS 5.3 | fixed in cups 2.4.2-3+deb12u1 (bookworm) | 2023
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cups

CVE-2022-26691 | MEDIUM | CVSS 6.7 | fixed in cups 2.4.2-1 (bookworm) | 2022
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.3.3op2-3+deb11u2)
forky: resolved (fixed in 2.4.2-1)
sid: resolved (fi

CVE-2021-25317 | LOW | CVSS 3.3 | 2021
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux En

CVE-2020-3898 | HIGH | CVSS 7.8 | fixed in cups 2.3.1-12 (bookworm) | 2020
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
Scope: local
bookworm: resolved (fixed in 2.3.1-12)
bullseye: resolved (fixed in 2.3.1-12)
forky: resolved (fixed in 2.3.1-12)
sid: resolved (fixed in 2.3.1-12)
trixie: resolved (fixed in 2.3.1-12)