Updated: 2025-12-28 03:21:34.647545
Description:
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the CUPS web UI to change the configuration and insert a malicious line. The cupsd process, which runs as root, then parses the new configuration, which causes an out-of-bounds write. This issue has been patched in version 2.4.15.

Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 6.7 |


| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | cups | 2.3.3op2 | 6.7 | MEDIUM | Released | CLSA-2026:1769515411 | 2026-01-27 15:00:54 | |
| CentOS 8.4 ELS | cups | 2.2.6 | 6.7 | MEDIUM | Ignored | | 2026-01-17 00:51:17 | Deprioritize: exploitation requires an already-privileged lpadmin user to modify CUPS settings via t... |
| CentOS 8.5 ELS | cups | 2.2.6 | 6.7 | MEDIUM | Ignored | | 2026-01-17 00:51:18 | Deprioritize: exploitation requires an already-privileged lpadmin user to modify CUPS settings via t... |
| CentOS Stream 8 ELS | cups | 2.2.6 | 6.7 | MEDIUM | Ignored | | 2026-01-17 00:51:18 | Deprioritize: exploitation requires an already-privileged lpadmin user to modify CUPS settings via t... |
| TuxCare 9.6 ESU | cups | 2.3.3op2 | 6.7 | MEDIUM | Released | CLSA-2026:1769516003 | 2026-01-27 15:00:52 | |
| Ubuntu 16.04 ELS | cups | 2.1.3-4 | 6.7 | MEDIUM | In Testing | | 2026-02-10 14:14:29 | The fix for CVE-2025-61915 introduces a new PeerCred configuration directive and associated build-ti... |
| Ubuntu 18.04 ELS | cups | 2.2.7-1 | 6.7 | MEDIUM | In Testing | | 2026-02-10 14:14:28 | The fix for CVE-2025-61915 introduces a new PeerCred configuration directive and associated build-ti... |