CVE-2014-8166

HIGH

CUPS < 1.6 - Remote Code Execution via ANSI Escape Sequences in Printer Name

Title source: llm
STIX 2.1

Description

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

References (4)

Core 4
Core References
Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1084577
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73300
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/24/15
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/24/2

Scores

CVSS v3 8.8
EPSS 0.0370
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
cups/cups < 1.6
Published Jan 12, 2018
Tracked Since Feb 18, 2026