CVE-2015-8327

cups-filters <1.2.0 - Command Injection

Description

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

References (13)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2831-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/78524
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-printing/2015/11/msg00020.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2831-2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3429
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0491.html
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-printing/2015/12/msg00001.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3411

Scores

EPSS 0.1815
EPSS Percentile 95.3%

Details

Status published
Products (50)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
debian/debian_linux 8.0
linuxfoundation/cups-filters 1.0.42
linuxfoundation/cups-filters 1.0.43
linuxfoundation/cups-filters 1.0.44
linuxfoundation/cups-filters 1.0.45
linuxfoundation/cups-filters 1.0.46
... and 40 more
Published Dec 17, 2015
Tracked Since Feb 18, 2026