CVE-2004-1267

CUPS - Buffer Overflow in hpgltops ParseCommand Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1267. PoCs published by Ariel Berkman.

AI-analyzed exploit summary The exploit demonstrates a buffer overflow vulnerability in CUPS' HPGL file parsing, allowing arbitrary code execution via a maliciously crafted HPGL file. The PoC removes a file named 'x' from the current directory, proving the vulnerability.

Description

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ariel Berkman · textremotelinux

https://www.exploit-db.com/exploits/24977

View Code ZIP pw:eip

The exploit demonstrates a buffer overflow vulnerability in CUPS' HPGL file parsing, allowing arbitrary code execution via a maliciously crafted HPGL file. The PoC removes a file named 'x' from the current directory, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CUPS 1.1.22

No auth needed

Prerequisites: CUPS installation with HPGL filter enabled · Ability to submit HPGL files to the CUPS daemon

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-013.html

Exploit, Vendor Advisory x_refsource_misc

http://tigger.uic.edu/~jlongs2/holes/cups.txt

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18604

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2005:008

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-053.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/50-1/

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml

Scores

EPSS 0.0625

EPSS Percentile 92.7%

Details

CWE

CWE-119

Status published

Products (24)

easy_software_products/cups 1.0.4

easy_software_products/cups 1.0.4_8

easy_software_products/cups 1.1.1

easy_software_products/cups 1.1.4

easy_software_products/cups 1.1.4_2

easy_software_products/cups 1.1.4_3

easy_software_products/cups 1.1.4_5

easy_software_products/cups 1.1.6

easy_software_products/cups 1.1.7

easy_software_products/cups 1.1.10

... and 14 more

Published Jan 10, 2005

Tracked Since Feb 18, 2026