Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3641. PoCs published by regenrecht.
AI-analyzed exploit summary This Ruby script exploits CVE-2008-3641, a remote code execution vulnerability in CUPS (Common Unix Printing System) versions prior to 1.3.9. The exploit leverages a buffer overflow in the HP-GL/2 filter to execute arbitrary shellcode, providing a reverse shell or command execution with the privileges of the CUPS daemon (typically 'lp' group).
Description
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by regenrecht · rubyremotelinux
https://www.exploit-db.com/exploits/32470
This Ruby script exploits CVE-2008-3641, a remote code execution vulnerability in CUPS (Common Unix Printing System) versions prior to 1.3.9. The exploit leverages a buffer overflow in the HP-GL/2 filter to execute arbitrary shellcode, providing a reverse shell or command execution with the privileges of the CUPS daemon (typically 'lp' group).
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
CUPS < 1.3.9
No auth needed
Prerequisites:
Printer sharing enabled on the target system · Network access to the CUPS service (port 631)
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (36)
Core 36
Core References
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32284
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2782
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32331
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31681
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45779
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33111
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9666
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32292
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-067
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1568
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33085
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33568
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3401
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31688
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32222
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32226
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1656
Exploit x_refsource_confirm
http://www.cups.org/str.php?L2911
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021031
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/656-1/
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2780
Various Sources x_refsource_confirm
http://www.cups.org/articles.php?L575
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3216
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32084
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0937.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32316
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497221/100/0/threaded
Scores
EPSS
0.2413
EPSS Percentile
97.6%
Details
CWE
CWE-399
Status
published
Products (32)
apple/cups
1.1
apple/cups
1.1.1
apple/cups
1.1.2
apple/cups
1.1.3
apple/cups
1.1.4
apple/cups
1.1.5
apple/cups
1.1.5-1
apple/cups
1.1.5-2
apple/cups
1.1.6
apple/cups
1.1.6-1
... and 22 more
Published
Oct 10, 2008
Tracked Since
Feb 18, 2026