Fluid Attacks Database

Description

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	cups-filters	>=0 <1.0.61-5	1.0.61-5
debian 12	cups-filters	>=0 <1.0.61-5	1.0.61-5
debian 11	cups-filters	>=0 <1.0.61-5	1.0.61-5
debian 13	cups-filters	>=0 <1.0.61-5	1.0.61-5

Aliases

1. CVE-2015-22652. NVD-2015-22653. OSV-DEBIAN-2015-22654. OSV-2015-22655. SECURITY-TRACKER-CVE-2015-2265

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.