CVE-2015-8560

HIGH7.3EPSS 9.3%

cups-filters - security update

Published: 4/14/2016Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-8560

Description

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

Affected packages (4)

Debian/cups-filtersfrom 0, < 1.4.0-1
Debian/cups-filtersfrom 0, < 1.0.61-5+deb8u3
Debian/foomatic-filtersfrom 0, < 4.0.17-7
Debian/foomatic-filtersfrom 0, < 4.0.5-6+squeeze2+deb6u12

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8560