Command Injection Vulnerability in CUPS-Filters Affecting Linux Distributions
CVE-2014-2707

Currently unrated

Key Information:

Vendor: Linux
Status: Cups-filters
Vendor: CVE Published:; 17 April 2014

Summary

A command injection vulnerability exists in the CUPS Filters version 1.0.41 and earlier, specifically within the cups-browsed component. This vulnerability could allow remote IPP (Internet Printing Protocol) printers to execute arbitrary commands on the host system. The exploitation occurs through shell metacharacters in the model or page description language (PDL) input, which are improperly handled in the generation of System V interface scripts for print queues. This could potentially lead to unauthorized command execution and system compromise if left unaddressed. It is crucial for users of affected versions to apply the necessary updates to mitigate this risk.

References

http://secunia.com/advisories/57530

third-party-advisoryx_refsource_SECUNIA

http://bzr.linuxfoundation.org/loggerhead/openprinting/cu...

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Apr 17, 2014
Vulnerability Reserved
Apr 1, 2014