pkg:Debian/cups
155 total CVEsCRITICAL5HIGH26MEDIUM29LOW2
✅ Check your installed version
All known vulnerabilities
- from 0, < 2.3.3op2-3+deb11u9
- from 0, < 2.4.2-3+deb12u8
- from 0, < 2.3.3op2-3+deb11u9
- CRITICAL9.8CVE-2010-2941ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allow…from 0, < 1.4.4-7
- CRITICAL9.8CVE-2004-2154CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a pri…from 0, < 1.1.20final+rc1-1
- from 0, < 2.2.12-1
- from 0, < 2.2.12-1
- HIGH8.8CVE-2018-6553The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links.from 0, < 2.2.8-5
- HIGH8.8CVE-2014-8166The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attack…from 0
- from 0, < 2.3.3op2-3+deb11u10
- from 0, < 2.3.3op2-3+deb11u10
- from 0, < 2.4.2-3+deb12u9
- from 0, < 2.3.1-12
- from 0, < 1.7.5-11+deb8u4
- from 0, < 2.2.8-2
- from 0, < 2.2.3-2
- from 0, < 2.2.1-8+deb9u2
- HIGH7.5CVE-2026-34980OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- from 0, < 1.5.3-5+deb7u7
- from 0, < 2.2.3-2
- from 0, < 1.7.5-11+deb8u3
- HIGH7.5CVE-2010-0302Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…from 0, < 1.4.2-10
- HIGH7.5CVE-2009-3553Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…from 0, < 1.4.2-4
- from 0, < 1.3.8-1+lenny6
- from 0, < 1.3.10-1
- from 0, < 1.3.8-1+lenny9
- from 0, < 1.3.9-13
- HIGH7.5CVE-2002-1372Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, w…from 0, < 1.1.18-1
- from 0, < 2.2.10-6+deb10u8
- from 0, < 2.3.3op2-3+deb11u3
- HIGH7.0CVE-2023-4504Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-…from 0, < 2.3.3op2-3+deb11u4
- MEDIUM6.7CVE-2025-61915OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- from 0, < 2.3.3op2-3+deb11u7
- from 0, < 2.2.10-6+deb10u10
- from 0, < 2.3.3op2-3+deb11u2
- from 0, < 2.2.10-6+deb10u6
- from 0, < 2.2.1-8+deb9u8
- MEDIUM6.5CVE-2026-34978OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- MEDIUM6.5CVE-2025-58364OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0, < 2.3.3op2-3+deb11u10
- MEDIUM6.3CVE-2026-27447OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- MEDIUM6.2CVE-2026-39316OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- MEDIUM6.2CVE-2026-39314OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- from 0, < 2.2.10-1
- from 0, < 1.7.5-11+deb8u6
- MEDIUM5.5CVE-2025-58436OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- from 0, < 2.3.3op2-3+deb11u4
- from 0, < 2.2.10-6+deb10u9
- from 0, < 2.2.10-6+deb10u7
- from 0, < 2.3.3op2-3+deb11u3
- from 0, < 2.2.1-8+deb9u7
- from 0, < 2.3.3op2-1
- from 0, < 1.7.5-11+deb8u7
- from 0, < 2.3.1-1
- from 0, < 1.7.5-11+deb8u5
- from 0, < 2.2.12-1
- from 0, < 2.2.8-2
- MEDIUM5.4CVE-2026-41079OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- MEDIUM5.3CVE-2026-34979OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- from 0, < 2.2.6-1
- from 0, < 1.5.3-5+deb7u8
- from 0, < 2.3.1-12
- from 0, < 1.7.5-11+deb8u8
- —CVE-2026-34990OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems.from 0
- —CVE-2015-3279Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (cra…from 0, < 1.5.0-16
- from 0, < 1.5.0-16
- from 0, < 1.4.4-7+squeeze10
- —CVE-2015-1159Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows…from 0, < 1.7.5-12
- from 0, < 1.5.3-5+deb7u6
- from 0, < 1.7.5-12
- from 0, < 1.4.4-7+squeeze8
- from 0, < 1.7.5-11
- from 0, < 1.4.4-7+squeeze7
- from 0, < 1.5.3-5+deb7u5
- —CVE-2014-5031The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains se…from 0, < 1.7.4-2
- —CVE-2014-5030CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index…from 0, < 1.7.4-2
- —CVE-2014-5029The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cup…from 0, < 1.7.4-2
- from 0, < 1.4.4-7+squeeze6
- from 0, < 1.7.4-1
- from 0, < 1.5.3-5+deb7u4
- —CVE-2014-2856Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers t…from 0, < 1.7.2-1
- —CVE-2013-6476The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local us…from 0, < 1.5.0-16
- —CVE-2013-6475Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0…from 0, < 1.5.0-16
- from 0, < 1.5.0-16
- from 0, < 1.4.4-7+squeeze4
- —CVE-2013-6891lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified H…from 0, < 1.7.1-1
- from 0, < 1.4.4-7+squeeze2
- from 0, < 1.5.3-2.7
- —CVE-2011-3170The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, wh…from 0, < 1.5.0-8
- from 0, < 1.5.0-8
- from 0, < 1.4.4-7+squeeze1
- —CVE-2010-2432The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a dem…from 0, < 1.4.4-1
- —CVE-2010-2431The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink att…from 0, < 1.4.4-1
- —CVE-2010-0542The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of c…from 0, < 1.4.4-1
- —CVE-2010-1748The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 1…from 0, < 1.4.4-1
- —CVE-2010-0540Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6…from 0, < 1.4.4-1
- from 0, < 1.4.2-9.1
- from 0, < 1.3.8-1+lenny8
- from 0, < 1.3.8-1+lenny7
- from 0, < 1.4.2-1
- —CVE-2009-1196The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd…from 0, < 1.1.99.b1.r4748-1
- —CVE-2009-0791Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and…from 0, < 1.3.10-1
- —CVE-2009-0164The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attac…from 0, < 1.3.10-1
- from 0, < 1.3.8-1lenny5
- from 0, < 1.3.10-1
- —CVE-2008-5377pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a differ…from 0, < 1.3.8-1lenny1
- from 0, < 1.3.8-1lenny4
- —CVE-2008-5184The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which make…from 0, < 1.3.8-1
- —CVE-2008-3640Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a craft…from 0, < 1.3.8-1lenny2
- from 0, < 1.3.8-1lenny2
- —CVE-2008-3641The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen…from 0, < 1.3.8-1lenny2
- —CVE-2008-1033The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attacke…from 0, < 1.3.7-1
- —CVE-2008-1722Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (…from 0, < 1.3.7-2
- from 0, < 1.3.7-1
- from 0, < 1.3.6-1
- from 0, < 1.3.6-3
- from 0, < 1.3.6-1
- from 0, < 1.3.5-1
- —CVE-2007-5848Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.from 0, < 1.2.0
- —CVE-2007-6358pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].…from 0, < 1.3.5-1
- from 0, < 1.1.22-7
- —CVE-2007-5392Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a c…from 0, < 1.1.22-7
- from 0, < 1.1.22-7
- from 0, < 1.3.4-1
- —CVE-2007-4045The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service…from 0, < 1.2
- —CVE-2007-0720The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL…from 0, < 1.2.7-1
- —CVE-2005-3624The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others al…from 0, < 1.1.22-7
- —CVE-2005-3625Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…from 0, < 1.1.22-7
- —CVE-2005-3628Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, popp…from 0, < 1.1.22-7
- —CVE-2005-3626Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…from 0, < 1.1.22-7
- —CVE-2005-3627Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to m…from 0, < 1.1.22-7
- —CVE-2005-4873Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbit…from 0, < 1.1.23-10sarge1
- from 0, < 1.1.23-13
- from 0, < 1.1.23-13
- —CVE-2005-3193Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier…from 0, < 1.1.23-13
- —CVE-2005-2874The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of servi…from 0, < 1.1.23-1
- from 0, < 1.1.22-7
- from 0, < 1.1.22-6
- —CVE-2005-0206The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…from 0, < 1.1.22-7
- from 0, < 1.1.20final+rc1-9
- from 0, < 1.1.22-6
- —CVE-2004-1268lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling t…from 0, < 1.1.22-2
- from 0, < 1.1.22-2
- —CVE-2004-1267Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arb…from 0, < 1.1.22-2
- —CVE-2004-1270lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, do…from 0, < 1.1.22-2
- —CVE-2004-1269lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which…from 0, < 1.1.22-2
- from 0, < 1.1.20final+rc1-6
- —CVE-2003-0788Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denia…from 0, < 1.1.19
- from 0, < 1.1.19final-1
- from 0, < 1.1.18-1
- from 0, < 1.1.18-1
- —CVE-2002-1368Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute…from 0, < 1.1.18-1
- —CVE-2002-1369jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the opti…from 0, < 1.1.18-1
- —CVE-2002-1371filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which a…from 0, < 1.1.18-1
- —CVE-2002-1383Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via…from 0, < 1.1.18-1
- —CVE-2002-1367Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP p…from 0, < 1.1.18-1