EUVD-2026-25574CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionNVD
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
AnalysisAI
OpenPrinting CUPS before version 2.4.17 allows network-adjacent attackers to read up to 176 bytes of stack memory via a crafted SNMP response sent to the CUPS SNMP backend, with leaked data visible to authenticated users through IPP Get-Printer-Attributes responses and the web interface. The vulnerability requires adjacency on the network but no authentication, making it a low-severity information disclosure risk in environments where SNMP-enabled printers are accessible from untrusted networks.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromi
Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the re
Remote code execution in Luanti 5.0.0 through 5.15.1 allows authenticated attackers to escape the Lua sandbox via malici
Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandb
Kyverno's apiCall feature automatically attaches the admission controller's ServiceAccount token to HTTP requests withou
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today