Search for packages
| purl | pkg:deb/debian/cups-filters@1.21.6-5 |
| Next non-vulnerable version | 1.28.17-3+deb12u1 |
| Latest non-vulnerable version | 1.28.17-3+deb12u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5335-kq4z-zfgt
Aliases: CVE-2024-47176 |
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9rre-nemp-aaar
Aliases: CVE-2023-24805 |
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-vk83-kkj8-sffy
Aliases: CVE-2024-47076 |
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T20:06:03.366324+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 36.1.3 |
| 2025-06-21T18:10:08.257432+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T15:20:41.323530+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T08:15:56.690114+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | None | 36.1.3 |
| 2025-06-08T10:41:33.734815+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T08:14:49.379820+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:57:18.812678+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | None | 36.1.0 |
| 2025-04-13T02:06:09.969865+00:00 | Debian Oval Importer | Affected by | VCID-vk83-kkj8-sffy | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:06:09.240665+00:00 | Debian Oval Importer | Affected by | VCID-5335-kq4z-zfgt | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:23:20.239269+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:46:31.336916+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T00:28:57.052476+00:00 | Debian Oval Importer | Affected by | VCID-9rre-nemp-aaar | None | 36.0.0 |
| 2025-04-05T16:15:50.274625+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 36.0.0 |
| 2025-02-21T09:45:58.393407+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 35.1.0 |
| 2024-04-26T02:06:17.347181+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 34.0.0rc4 |
| 2024-01-12T12:05:21.448413+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 34.0.0rc2 |
| 2024-01-05T08:07:00.964238+00:00 | Debian Importer | Affected by | VCID-9rre-nemp-aaar | None | 34.0.0rc1 |