apple cups

122 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41079
< 2.4.17
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-ad
4.3 MEDIUM
CVE-2026-39316
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
4.0 MEDIUM
CVE-2026-39314
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
4.0 MEDIUM
CVE-2026-34990
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
7.8 HIGH
CVE-2026-34980
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
7.5 HIGH
CVE-2026-34979
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
5.3 MEDIUM
CVE-2026-34978
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
6.5 MEDIUM
CVE-2026-27447
<= 2.4.16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior,
4.8 MEDIUM
CVE-2025-61915
< 2.4.15
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a us
6.0 MEDIUM
CVE-2025-58436
< 2.4.15
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a cl
5.1 MEDIUM
CVE-2025-64524
<= 2.0.1
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems
3.3 LOW
CVE-2025-64503
< 1.28.18
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems
4.0 MEDIUM
CVE-2025-57812
< 1.28.17
CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former `cups-
3.7 LOW
CVE-2025-58364
< 2.4.13
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlie
6.5 MEDIUM
CVE-2025-58060
< 2.4.13
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlie
8.0 HIGH
CVE-2024-47176
all versions
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but
5.3 MEDIUM
CVE-2024-35235
<= 2.4.8
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier
4.4 MEDIUM
CVE-2023-4504
< 2.4.7
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible t
7.0 HIGH
CVE-2023-34241
>= 2.2.0 and < 2.4.6
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in v
5.3 MEDIUM
CVE-2023-32324
<= 2.4.2
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow
7.5 HIGH
CVE-2022-26691
< 499.4
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monter
6.7 MEDIUM
CVE-2021-25317
< 1.3.9
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager S
3.3 LOW
CVE-2012-6094
< 1.5.4-1.1
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to
9.8 CRITICAL
CVE-2018-4300
< 2.2.10
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the we
5.9 MEDIUM
CVE-2018-6553
all versions
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use thi
8.8 HIGH
CVE-2017-18248
< 2.2.6
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by
5.3 MEDIUM
CVE-2017-18190
< 2.2.2
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to exec
7.5 HIGH
CVE-2014-8166
< 1.6
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remo
8.8 HIGH
CVE-2015-1159
<= 2.0.2
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.
CVE-2015-1158
<= 2.0.2
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-or
CVE-2014-9679
<= 2.0.1
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have uns
CVE-2014-5031
<= 1.7.4
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to o
CVE-2014-5030
<= 1.7.4
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl,
CVE-2014-5029
all versions
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/
CVE-2014-3537
<= 1.7.3
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file i
CVE-2014-2856
<= 1.7.1
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote at
CVE-2013-6891
<= 1.7.0
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a m
CVE-2012-5519
all versions
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /v
CVE-2011-3170
<= 1.4.8
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW s
CVE-2011-2896
<= 1.4.6
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read
CVE-2010-3702
<= 1.3.11
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, k
CVE-2010-2941
<= 1.4.4
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, wh
9.8 CRITICAL
CVE-2010-2432
<= 1.4.3
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly han
CVE-2010-2431
<= 1.4.3
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a sy
CVE-2010-0542
<= 1.4.3
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return va
CVE-2010-1748
<= 1.4.3
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, M
CVE-2010-0393
all versions
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment vari
CVE-2010-0302
< 1.4.4
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.
7.5 HIGH
CVE-2009-3553
all versions
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.
7.5 HIGH
CVE-2009-1196
all versions
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of servi
CVE-2009-0949
< 1.3.10
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, w
7.5 HIGH
CVE-2009-0791
all versions
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, G
CVE-2009-0164
<= 1.3.9
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for rem
CVE-2009-1183
<= 1.3.9
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
CVE-2009-1182
<= 1.3.9
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
CVE-2009-1181
<= 1.3.9
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-1180
<= 1.3.9
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-1179
<= 1.3.9
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other produc
CVE-2009-0800
<= 1.3.9
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
CVE-2009-0799
<= 1.3.9
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-0195
all versions
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execut
CVE-2009-0166
<= 1.3.9
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denia
CVE-2009-0163
<= 1.3.9
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of servic
CVE-2009-0147
<= 1.3.9
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remo
CVE-2009-0146
<= 1.3.9
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remot
CVE-2009-0577
all versions
Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attacke
CVE-2009-0032
all versions
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows loca
CVE-2008-5377
all versions
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file,
CVE-2008-5286
all versions
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code
CVE-2008-5184
<= 1.3.7
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, w
CVE-2008-5183
<= 1.3.9
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by
7.5 HIGH
CVE-2008-3640
<= 1.3.8
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code vi
CVE-2008-3639
<= 1.3.8
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitra
CVE-2008-3641
<= 1.3.8
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via cra
CVE-2008-1033
all versions
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allow
CVE-2008-1722
all versions
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of
CVE-2008-1374
<= 1.3.11
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote at
CVE-2008-1373
all versions
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a
CVE-2008-0053
<= 1.3.5
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitra
CVE-2008-0047
all versions
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with A
CVE-2008-0597
all versions
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of serv
CVE-2008-0596
all versions
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consu
CVE-2008-0882
all versions
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (
CVE-2007-5849
all versions
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote a
CVE-2007-4351
<= 1.3.3
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash
CVE-2007-3387
<= 1.3.11
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf bef
CVE-2007-4045
< 1.2.0
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial o
CVE-2007-0720
< 1.2.8
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negoti
CVE-2005-4873
all versions
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to exec
CVE-2005-3626
all versions
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause
CVE-2005-3625
all versions
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause
CVE-2005-3624
all versions
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and
CVE-2005-2874
all versions
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial
CVE-2005-2526
all versions
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP
CVE-2005-2525
all versions
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which
CVE-2005-0206
all versions
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certa
CVE-2004-0927
all versions
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote at
CVE-2004-0926
all versions
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code
CVE-2004-0924
all versions
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even w
CVE-2004-0923
all versions
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obt
CVE-2004-0889
all versions
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a deni
CVE-2004-0888
all versions
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow r
CVE-2004-1270
all versions
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is c
CVE-2004-1269
all versions
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.ne
CVE-2004-1268
all versions
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by
CVE-2004-1267
all versions
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to ex
CVE-2004-1125
all versions
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpd
CVE-2004-2154
< 1.1.21
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs
9.8 CRITICAL
CVE-2004-0558
<= 1.1.21
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (se
CVE-2003-0788
all versions
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to caus
CVE-2002-1384
all versions
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbit
CVE-2002-1383
all versions
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary
CVE-2002-1372
>= 1.1.14 and <= 1.1.17
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket oper
7.5 HIGH
CVE-2002-1371
all versions
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images
CVE-2002-1369
all versions
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing
CVE-2002-1368
all versions
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly
CVE-2002-1367
all versions
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a cert
CVE-2002-1366
all versions
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary fi
CVE-2002-0063
<= 1.1.14
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names o
CVE-2001-1333
<= 1.1.5
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local u
CVE-2001-1332
<= 1.1.5
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
CVE-2001-0194
<= 1.1.4
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin