Fluid Attacks Database

Description

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	cups-filters	>=0 <1.2.0-1	1.2.0-1
debian 14	cups-filters	>=0 <1.2.0-1	1.2.0-1
debian 14	foomatic-filters	>=0 <4.0.17-7	4.0.17-7
debian 12	cups-filters	>=0 <1.2.0-1	1.2.0-1
debian 13	foomatic-filters	>=0 <4.0.17-7	4.0.17-7
debian 12	foomatic-filters	>=0 <4.0.17-7	4.0.17-7
debian 11	cups-filters	>=0 <1.2.0-1	1.2.0-1
debian 11	foomatic-filters	>=0 <4.0.17-7	4.0.17-7
rpm rhel7	foomatic	-	-
rpm rhel6	foomatic	<0:4.0.4-5.el6_7	0:4.0.4-5.el6_7

Aliases

1. CVE-2015-83272. NVD-2015-83273. OSV-DEBIAN-2015-83274. OSV-2015-83275. SECURITY-TRACKER-CVE-2015-8327

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.