Description
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References (3)
Core 3
Core References
Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/04/25/7
Patch, Third Party Advisory x_refsource_confirm
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/06/19/12
Scores
EPSS
0.0052
EPSS Percentile
67.1%
Details
CWE
CWE-77
Status
published
Products (1)
linuxfoundation/cups-filters
< 1.0.52
Published
Jun 22, 2014
Tracked Since
Feb 18, 2026