Skip to main content

Cups Filters CVE-2014-2707

HIGH
OS Command Injection (CWE-78)
2014-04-17 cve@mitre.org
8.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Adjacent
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Apr 17, 2014 - 14:55 cve.org
HIGH 8.3

DescriptionCVE.org

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

AnalysisAI

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." Affected products include: Linuxfoundation Cups-Filters. Version information: before 1.0.51.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2015-3258 HIGH
7.5 Jul 14

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70

CVE-2015-3279 HIGH
7.5 Jul 14

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a den

CVE-2023-24805 HIGH POC
8.8 May 17

cups-filters contains backends, filters, and other software required to get the cups printing service working on operati

CVE-2015-2265 HIGH POC
7.5 Mar 24

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execut

CVE-2015-8327 HIGH
7.5 Dec 17

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters

CVE-2013-6474 MEDIUM
6.8 Mar 14

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to exe

CVE-2013-6475 MEDIUM
6.8 Mar 14

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups

CVE-2013-6473 MEDIUM
6.8 Mar 14

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers

CVE-2015-8560 HIGH
7.3 Apr 14

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters

CVE-2014-4336 MEDIUM
5.8 Jun 22

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IP

CVE-2014-4337 MEDIUM
4.3 Jun 22

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote att

CVE-2013-6476 MEDIUM
4.4 Mar 14

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0

Share

CVE-2014-2707 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy