Information on source package cups

Available versions

ReleaseVersion
jessie1.7.5-11+deb8u12
stretch2.2.1-8+deb9u12
stretch (security)2.2.1-8+deb9u8
buster2.2.10-6+deb10u11
buster (security)2.2.10-6+deb10u10
bullseye2.3.3op2-3+deb11u8
bullseye (security)2.3.3op2-3+deb11u9
bookworm2.4.2-3+deb12u7
bookworm (security)2.4.2-3+deb12u8
trixie2.4.10-2
sid2.4.10-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-47175vulnerablefixedfixedfixedfixedfixedfixedCUPS is a standards-based, open-source printing system, and `libppd` c ...
CVE-2024-35235vulnerablefixedfixedfixedfixedfixedfixedOpenPrinting CUPS is an open source printing system for Linux and othe ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2014-8166vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableThe browsing feature in the server in CUPS does not filter ANSI escape ...

Resolved issues

BugDescription
CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system fo ...
CVE-2023-32360An authentication issue was addressed with improved state management. ...
CVE-2023-32324OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...
CVE-2023-4504Due to failure in validating the length provided by an attacker-crafte ...
CVE-2022-26691A logic issue was addressed with improved state management. This issue ...
CVE-2021-25317A Incorrect Default Permissions vulnerability in the packaging of cups ...
CVE-2020-10001An input validation issue was addressed with improved memory handling. ...
CVE-2020-3898A memory corruption issue was addressed with improved validation. This ...
CVE-2019-8842A buffer overflow was addressed with improved bounds checking. This is ...
CVE-2019-8696A buffer overflow issue was addressed with improved memory handling. T ...
CVE-2019-8675A buffer overflow issue was addressed with improved memory handling. T ...
CVE-2019-2228In array_find of array.c, there is a possible out-of-bounds read due t ...
CVE-2019-2180In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possi ...
CVE-2018-6553The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...
CVE-2018-4300The session cookie generated by the CUPS web interface was easy to gue ...
CVE-2018-4183In macOS High Sierra before 10.13.5, an access issue was addressed wit ...
CVE-2018-4182In macOS High Sierra before 10.13.5, an access issue was addressed wit ...
CVE-2018-4181In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...
CVE-2018-4180In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...
CVE-2017-18248The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-B ...
CVE-2017-18190A localhost.localdomain whitelist entry in valid_host() in scheduler/c ...
CVE-2017-15400Insufficient restriction of IPP filters in CUPS in Google Chrome OS pr ...
CVE-2015-3279Integer overflow in filter/texttopdf.c in texttopdf in cups-filters be ...
CVE-2015-3258Heap-based buffer overflow in the WriteProlog function in filter/textt ...
CVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer BS ...
CVE-2015-1159Cross-site scripting (XSS) vulnerability in the cgi_puts function in c ...
CVE-2015-1158The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 ...
CVE-2014-9679Integer underflow in the cupsRasterReadPixels function in filter/raste ...
CVE-2014-5031The web interface in CUPS before 2.0 does not check that files have wo ...
CVE-2014-5030CUPS before 2.0 allows local users to read arbitrary files via a symli ...
CVE-2014-5029The web interface in CUPS 1.7.4 allows local users in the lp group to ...
CVE-2014-3537The web interface in CUPS before 1.7.4 allows local users in the lp gr ...
CVE-2014-2856Cross-site scripting (XSS) vulnerability in scheduler/client.c in Comm ...
CVE-2013-6891lppasswd in CUPS before 1.7.1, when running with setuid privileges, al ...
CVE-2013-6476The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pd ...
CVE-2013-6475Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPS ...
CVE-2013-6474Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-fi ...
CVE-2012-6094cups (Common Unix Printing System) 'Listen localhost:631' option not h ...
CVE-2012-5519CUPS 1.4.4, when running in certain Linux distributions such as Debian ...
CVE-2011-3170The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earl ...
CVE-2011-2896The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...
CVE-2010-2941ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate me ...
CVE-2010-2432The cupsDoAuthentication function in auth.c in the client in CUPS befo ...
CVE-2010-2431The cupsFileOpen function in CUPS before 1.4.4 allows local users, wit ...
CVE-2010-1748The cgi_initialize_string function in cgi-bin/var.c in the web interfa ...
CVE-2010-0542The _WriteProlog function in texttops.c in texttops in the Text Filter ...
CVE-2010-0540Cross-site request forgery (CSRF) vulnerability in the web interface i ...
CVE-2010-0393The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1 ...
CVE-2010-0302Use-after-free vulnerability in the abstract file-descriptor handling ...
CVE-2009-3553Use-after-free vulnerability in the abstract file-descriptor handling ...
CVE-2009-2820The web interface in CUPS before 1.4.2, as used on Apple Mac OS X befo ...
CVE-2009-2807Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...
CVE-2009-1196The directory-services functionality in the scheduler in CUPS 1.1.17 a ...
CVE-2009-0949The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 do ...
CVE-2009-0791Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as use ...
CVE-2009-0166The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0164The web interface for CUPS before 1.3.10 does not validate the HTTP Ho ...
CVE-2009-0163Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...
CVE-2009-0147Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ea ...
CVE-2009-0146Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ear ...
CVE-2008-5377pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...
CVE-2008-5286Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 thro ...
CVE-2008-5184The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the gues ...
CVE-2008-5183cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remot ...
CVE-2008-3641The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3 ...
CVE-2008-3640Integer overflow in the WriteProlog function in texttops in CUPS befor ...
CVE-2008-3639Heap-based buffer overflow in the read_rle16 function in imagetops in ...
CVE-2008-1722Multiple integer overflows in (1) filter/image-png.c and (2) filter/im ...
CVE-2008-1374Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...
CVE-2008-1373Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remo ...
CVE-2008-1033The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...
CVE-2008-0882Double free vulnerability in the process_browse_data function in CUPS ...
CVE-2008-0597Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...
CVE-2008-0596Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...
CVE-2008-0053Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...
CVE-2008-0047Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1. ...
CVE-2007-6358pdftops.pl before 1.20 in alternate pdftops filter allows local users ...
CVE-2007-5849Integer underflow in the asn1_get_string function in the SNMP back end ...
CVE-2007-5848Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin u ...
CVE-2007-5393Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...
CVE-2007-5392Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...
CVE-2007-4352Array index error in the DCTStream::readProgressiveDataUnit method in ...
CVE-2007-4351Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...
CVE-2007-4045The CUPS service, as used in SUSE Linux before 20070720 and other Linu ...
CVE-2007-3387Integer overflow in the StreamPredictor::StreamPredictor function in x ...
CVE-2007-0720The CUPS service on multiple platforms allows remote attackers to caus ...
CVE-2005-4873Multiple stack-based buffer overflows in the phpcups PHP module for CU ...
CVE-2005-3628Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Strea ...
CVE-2005-3627Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...
CVE-2005-3626Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3625Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3624The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...
CVE-2005-3193Heap-based buffer overflow in the JPXStream::readCodestream function i ...
CVE-2005-3192Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...
CVE-2005-3191Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...
CVE-2005-2874The is_path_absolute function in scheduler/client.c for the daemon in ...
CVE-2005-2097xpdf and kpdf do not properly validate the "loca" table in PDF files, ...
CVE-2005-0206The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CV ...
CVE-2005-0064Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...
CVE-2004-2154CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as cas ...
CVE-2004-1270lppasswd in CUPS 1.1.22, when run in environments that do not ensure t ...
CVE-2004-1269lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it enco ...
CVE-2004-1268lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS p ...
CVE-2004-1267Buffer overflow in the ParseCommand function in hpgl-input.c in the hp ...
CVE-2004-1125Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...
CVE-2004-0923CUPS 1.1.20 and earlier records authentication information for a devic ...
CVE-2004-0888Multiple integer overflows in xpdf 2.0 and 3.0, and other packages tha ...
CVE-2004-0558The Internet Printing Protocol (IPP) implementation in CUPS before 1.1 ...
CVE-2003-0788Unknown vulnerability in the Internet Printing Protocol (IPP) implemen ...
CVE-2003-0195CUPS before 1.1.19 allows remote attackers to cause a denial of servic ...
CVE-2002-1384Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...
CVE-2002-1383Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.1 ...
CVE-2002-1372Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not prop ...
CVE-2002-1371filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 throu ...
CVE-2002-1369jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 doe ...
CVE-2002-1368Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...
CVE-2002-1367Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...
CVE-2002-1366Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...
CVE-2001-1508Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...

Security announcements

DSA / DLADescription
ELA-1199-1cups - security update
ELA-1198-1cups - security update
DSA-5779-1cups - security update
DLA-3904-1cups - security update
DLA-3826-1cups - security update
ELA-978-1cups - security update
DLA-3594-1cups - security update
ELA-887-1cups - security update
DLA-3476-1cups - security update
DLA-3440-1cups - security update
ELA-860-1cups - security update
DLA-3029-1cups - security update
DSA-5149-1cups - security update
ELA-508-1cups - security update
DLA-2800-1cups - security update
DLA-2237-1cups - security update
DLA-2047-1cups - security update
DLA-1936-1cups - security update
ELA-167-1cups - security update
ELA-155-1cups - security update
DLA-1893-1cups - security update
DLA-1426-1cups - security update
ELA-15-1cups - security update
DSA-4243-1cups - security update
DLA-1412-1cups - security update
DLA-1387-1cups - security update
DLA-1288-1cups - security update
DLA-314-1cups - security update
DSA-3283-1cups - security update
DLA-239-1cups - security update
DLA-159-1cups - security update
DSA-3172-1cups - security update
DLA-0022-1cups - security update
DSA-2990-1cups - security update
DSA-2876-1cups - security update
DSA-2600-1cups - privilege escalation
DSA-2354-1cups - several
DSA-2176-1cups - several
DSA-2007-1cups - arbitrary code execution
DSA-1933-1cups cupsys - cross-site scripting
DSA-1811-1cups cupsys - denial of service
DSA-1773-1cups cupsys - arbitrary code execution

Search for package or bug name: Reporting problems