Information on source package cups

Available versions

Release             Version
jessie              1.7.5-11+deb8u2
jessie (security)   1.7.5-11+deb8u4
stretch             2.2.1-8+deb9u1
stretch (security)  2.2.1-8+deb9u2
buster              2.2.8-5
sid                 2.2.8-5

Open issues

Bug             jessie  stretch              buster  sid    Description
CVE-2017-18248  fixed   vulnerable (no DSA)  fixed   fixed  The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...

Open unimportant issues

Bug            jessie      stretch     buster      sid         Description
CVE-2014-8166  vulnerable  vulnerable  vulnerable  vulnerable  The browsing feature in the server in CUPS does not filter ANSI escape ...

Resolved issues

Bug             Description
CVE-2018-6553   The CUPS AppArmor profile incorrectly confined the dnssd backend due ...
CVE-2018-4183   cups-exec Sandbox Bypass Due to Profile Misconfiguration
CVE-2018-4182   cups-exec Sandbox Bypass Due to Insecure Error Handling
CVE-2018-4181   Limited Local File Reads as Root via cupsd.conf Include Directive
CVE-2018-4180   Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
CVE-2017-18190  A localhost.localdomain whitelist entry in valid_host() in ...
CVE-2017-15400  Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...
CVE-2015-3279   Integer overflow in filter/texttopdf.c in texttopdf in cups-filters ...
CVE-2015-3258   Heap-based buffer overflow in the WriteProlog function in ...
CVE-2015-2305   Integer overflow in the regcomp implementation in the Henry Spencer ...
CVE-2015-1159   Cross-site scripting (XSS) vulnerability in the cgi_puts function in ...
CVE-2015-1158   The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 ...
CVE-2014-9679   Integer underflow in the cupsRasterReadPixels function in ...
CVE-2014-5031   The web interface in CUPS before 2.0 does not check that files have ...
CVE-2014-5030   CUPS before 2.0 allows local users to read arbitrary files via a ...
CVE-2014-5029   The web interface in CUPS 1.7.4 allows local users in the lp group to ...
CVE-2014-3537   The web interface in CUPS before 1.7.4 allows local users in the lp ...
CVE-2014-2856   Cross-site scripting (XSS) vulnerability in scheduler/client.c in ...
CVE-2013-6891   lppasswd in CUPS before 1.7.1, when running with setuid privileges, ...
CVE-2013-6476   The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the ...
CVE-2013-6475   Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) ...
CVE-2013-6474   Heap-based buffer overflow in the pdftoopvp filter in CUPS and ...
CVE-2012-6094
CVE-2012-5519   CUPS 1.4.4, when running in certain Linux distributions such as Debian ...
CVE-2011-3170   The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and ...
CVE-2011-2896   The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...
CVE-2010-2941   ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...
CVE-2010-2432   The cupsDoAuthentication function in auth.c in the client in CUPS ...
CVE-2010-2431   The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...
CVE-2010-1748   The cgi_initialize_string function in cgi-bin/var.c in the web ...
CVE-2010-0542   The _WriteProlog function in texttops.c in texttops in the Text Filter ...
CVE-2010-0540   Cross-site request forgery (CSRF) vulnerability in the web interface ...
CVE-2010-0393   The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...
CVE-2010-0302   Use-after-free vulnerability in the abstract file-descriptor handling ...
CVE-2009-3553   Use-after-free vulnerability in the abstract file-descriptor handling ...
CVE-2009-2820   The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...
CVE-2009-2807   Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...
CVE-2009-1196   The directory-services functionality in the scheduler in CUPS 1.1.17 ...
CVE-2009-0949   The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 ...
CVE-2009-0791   Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...
CVE-2009-0166   The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0164   The web interface for CUPS before 1.3.10 does not validate the HTTP ...
CVE-2009-0163   Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...
CVE-2009-0147   Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...
CVE-2009-0146   Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...
CVE-2008-5377   pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...
CVE-2008-5286   Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...
CVE-2008-5184   The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...
CVE-2008-5183   cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...
CVE-2008-3641   The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...
CVE-2008-3640   Integer overflow in the WriteProlog function in texttops in CUPS ...
CVE-2008-3639   Heap-based buffer overflow in the read_rle16 function in imagetops in ...
CVE-2008-1722   Multiple integer overflows in (1) filter/image-png.c and (2) ...
CVE-2008-1374   Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...
CVE-2008-1373   Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows ...
CVE-2008-1033   The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...
CVE-2008-0882   Double free vulnerability in the process_browse_data function in CUPS ...
CVE-2008-0597   Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...
CVE-2008-0596   Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...
CVE-2008-0053   Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...
CVE-2008-0047   Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...
CVE-2007-6358   pdftops.pl before 1.20 in alternate pdftops filter allows local users ...
CVE-2007-5849   Integer underflow in the asn1_get_string function in the SNMP back end ...
CVE-2007-5848   Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...
CVE-2007-5393   Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...
CVE-2007-5392   Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...
CVE-2007-4352   Array index error in the DCTStream::readProgressiveDataUnit method in ...
CVE-2007-4351   Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...
CVE-2007-4045   The CUPS service, as used in SUSE Linux before 20070720 and other ...
CVE-2007-3387   Integer overflow in the StreamPredictor::StreamPredictor function in ...
CVE-2007-0720   The CUPS service on multiple platforms allows remote attackers to ...
CVE-2005-4873   Multiple stack-based buffer overflows in the phpcups PHP module for ...
CVE-2005-3628   Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...
CVE-2005-3627   Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...
CVE-2005-3626   Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...
CVE-2005-3625   Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...
CVE-2005-3624   The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...
CVE-2005-3193   Heap-based buffer overflow in the JPXStream::readCodestream function ...
CVE-2005-3192   Heap-based buffer overflow in the StreamPredictor function in Xpdf ...
CVE-2005-3191   Multiple heap-based buffer overflows in the (1) ...
CVE-2005-2874   The is_path_absolute function in scheduler/client.c for the daemon in ...
CVE-2005-2097   xpdf and kpdf do not properly validate the "loca" table in PDF files, ...
CVE-2005-0206   The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...
CVE-2005-0064   Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...
CVE-2004-2154   CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...
CVE-2004-1270   lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...
CVE-2004-1269   lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...
CVE-2004-1268   lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...
CVE-2004-1267   Buffer overflow in the ParseCommand function in hpgl-input.c in the ...
CVE-2004-1125   Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...
CVE-2004-0923   CUPS 1.1.20 and earlier records authentication information for a ...
CVE-2004-0888   Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...
CVE-2004-0558   The Internet Printing Protocol (IPP) implementation in CUPS before ...
CVE-2003-0788   Unknown vulnerability in the Internet Printing Protocol (IPP) ...
CVE-2003-0195   CUPS before 1.1.19 allows remote attackers to cause a denial of ...
CVE-2002-1384   Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...
CVE-2002-1383   Multiple integer overflows in Common Unix Printing System (CUPS) ...
CVE-2002-1372   Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...
CVE-2002-1371   filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...
CVE-2002-1369   jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...
CVE-2002-1368   Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...
CVE-2002-1367   Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...
CVE-2002-1366   Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...
CVE-2001-1508   Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...

Security announcements

DSA / DLA   Description
DLA-1426-1  cups - security update
DSA-4243-1  cups - security update
DLA-1412-1  cups - security update
DLA-1387-1  cups - security update
DLA-1288-1  cups - security update
DLA-314-1   cups - security update
DSA-3283-1  cups - security update
DLA-239-1   cups - security update
DLA-159-1   cups - security update
DSA-3172-1  cups - security update
DLA-0022-1  cups - security update
DSA-2990-1  cups - security update
DSA-2876-1  cups - security update
DSA-2600-1  cups - privilege escalation
DSA-2354-1  cups - several
DSA-2176-1  cups - several
DSA-2007-1  cups - arbitrary code execution
DSA-1933-1  cups cupsys - cross-site scripting
DSA-1811-1  cups cupsys - denial of service
DSA-1773-1  cups cupsys - arbitrary code execution
