Linuxfoundation Cups-Filters vulnerabilities
19 known vulnerabilities affecting linuxfoundation/cups-filters.
Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 9, MEDIUM 7, LOW 3
Vulnerabilities
CVE-2025-64524 | LOW | CVSS 3.7 | ≥ 0, < 2.0.1-0ubuntu3.25.04.1 | 2025-11-24
cups-filters vulnerabilities
USN-7878-1 fixed vulnerabilities in cups-filters. This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected
osv
CVE-2025-64503 | LOW | CVSS 3.3 | ≥ 0, < 1.28.7-1+deb11u4 | ≥ 0, < 1.28.17-3+deb12u2 | +2 more | 2025-11-12
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the
osv
CVE-2025-57812 | LOW | CVSS 3.7 | ≥ 0, < 1.28.7-1+deb11u4 | ≥ 0, < 1.28.17-3+deb12u2 | +2 more | 2025-11-12
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscups
osv
CVE-2024-47176 | HIGH | CVSS 8.6 | PoC | ≥ 0, < 1.27.4-1ubuntu0.4 | ≥ 0, < 1.28.15-0ubuntu1.4 | 2024-10-09
cups-filters vulnerabilities
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the
fix for CVE-2024-47176 by removing support for the legacy CUPS printer
discovery protocol entirely.
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside the
local network. In combination with issues in other printing components, a
remot
osv
CVE-2024-47076 | HIGH | CVSS 8.6 | ≥ 0, < 1.28.7-1+deb11u3 | ≥ 0, < 1.28.17-3+deb12u1 | +1 more | 2024-09-26
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does
osv
CVE-2023-24805 | HIGH | CVSS 8.8 | CWE-78 | fixed in 2.0 | v2.0 | 2023-05-17
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` w
nvd, osv
CVE-2015-8560 | HIGH | CVSS 7.3 | v1.0.42 | v1.0.43 | +36 more | 2016-04-14
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
nvd, osv
CVE-2015-8327 | HIGH | CVSS 7.5 | v1.0.42 | v1.0.43 | +34 more | 2015-12-17
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
nvd, osv
CVE-2015-3258 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.70 | 2015-07-14
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
nvd, osv
CVE-2015-3279 | HIGH | CVSS 7.5 | CWE-189 | ≤ 1.0.70 | 2015-07-14
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2015-2265 | HIGH | CVSS 7.5 | ≤ 1.0.65 | 2015-03-24
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
nvd, osv
CVE-2014-4338 | MEDIUM | CVSS 4.0 | CWE-264 | ≤ 1.0.52 | 2014-06-22
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
nvd, osv
CVE-2014-4337 | MEDIUM | CVSS 4.3 | CWE-119 | ≤ 1.0.52 | 2014-06-22
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
nvd, osv
CVE-2014-4336 | MEDIUM | CVSS 5.8 | ≤ 1.0.52 | 2014-06-22
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
nvd, osv
CVE-2014-2707 | HIGH | CVSS 8.3 | CWE-78 | v1.0.41 | v1.0.42 | +8 more | 2014-04-17
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
nvd, osv
CVE-2013-6475 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 1.0.46 | v1.0 | +45 more | 2014-03-14
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
nvd, osv
CVE-2013-6474 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 1.0.46 | v1.0 | +45 more | 2014-03-14
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
nvd, osv
CVE-2013-6473 | MEDIUM | CVSS 6.8 | CWE-119 | v1.0.25 | v1.0.26 | +20 more | 2014-03-14
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
nvd, osv
CVE-2013-6476 | MEDIUM | CVSS 4.4 | CWE-264 | ≤ 1.0.46 | v1.0 | +45 more | 2014-03-14
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
nvd, osv