All errata/p10/ALT-PU-2024-14040-3
ALT-PU-2024-14040-3

Package update cups-filters in branch p10

Version1.28.17-alt3
Task#359118
Published2026-04-23
Max severityCRITICAL
Severity:

Closed issues (6)

BDU:2024-07643
CRITICAL9.0

Уязвимость демона cups-browsed сервера печати CUPS, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию

Published: 2024-10-01Modified: 2025-03-21
CVSS 3.xCRITICAL 9.0
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
References
BDU:2024-07644
MEDIUM6.8

Уязвимость функции cfGetPrinterAttributes5 библиотеки libcupsfilters сервера печати CUPS, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2024-10-01Modified: 2025-03-21
CVSS 3.xMEDIUM 6.8
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0MEDIUM 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N
References
BDU:2025-15977
LOW3.7

Уязвимость функции cfFilterImageToRaster сервера печати CUPS, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Published: 2025-12-16Modified: 2026-05-06
CVSS 3.xLOW 3.7
CVSS:3.x/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.0LOW 2.9
CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:N
References
CVE-2024-47076
HIGH8.6

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

Published: 2024-09-26Modified: 2025-11-03
CVSS 3.xHIGH 8.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References
CVE-2024-47176
MEDIUM5.3

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Published: 2024-09-26Modified: 2025-11-04
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
CVE-2025-57812
LOW3.7

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the `imagetoraster` filter or its C-function equivalent `cfFilterImageToRaster()` gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is `_cfImageReadTIFF() in libcupsfilters`. When this function is invoked as part of `cfFilterImageToRaster()`, the caller passes a look-up-table during whose processing the out of bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in `_cupsImageReadTIFF()`, which is called through `cupsImageOpen()` from the `imagetoraster` tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.

Published: 2025-11-12Modified: 2026-01-20
CVSS 3.xLOW 3.7
CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
References