CVE-2011-2697

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
hplinux_imaging_and_printing_project
3.11.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
foomatic-filters
bookworm
4.0.17-16
fixed
bullseye
4.0.17-12
fixed
sid
4.0.17-16
fixed
trixie
4.0.17-16
fixed
hplip
bookworm
3.22.10+dfsg0-2
fixed
bullseye
3.21.2+dfsg1-2
fixed
sid
3.22.10+dfsg0-5.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
foomatic-filters
hardy
Fixed 3.0.2-20071204-0ubuntu2.3
released
lucid
not-affected
maverick
not-affected
natty
not-affected
hplip
hardy
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
hplip
suse enterprise sap 12 SP5
3.16.11-1.33
fixed
suse enterprise server 12
3.14.6-3.5
fixed
suse enterprise server 12 SP2
3.14.6-3.5
fixed
suse enterprise server 12 SP3
3.16.11-1.33
fixed
suse enterprise server 12 SP4
3.16.11-1.33
fixed
suse enterprise server 12 SP5
3.16.11-1.33
fixed
hplip-devel
suse enterprise desktop 15
3.17.9-3.38
fixed
suse enterprise sap 15
3.17.9-3.38
fixed
suse enterprise server 15
3.17.9-3.38
fixed
hplip-hpijs
suse enterprise desktop 15
3.17.9-3.38
fixed
suse enterprise sap 12 SP5
3.16.11-1.33
fixed
suse enterprise sap 15
3.17.9-3.38
fixed
suse enterprise server 12
3.14.6-3.5
fixed
suse enterprise server 12 SP2
3.14.6-3.5
fixed
suse enterprise server 12 SP3
3.16.11-1.33
fixed
suse enterprise server 12 SP4
3.16.11-1.33
fixed
suse enterprise server 12 SP5
3.16.11-1.33
fixed
suse enterprise server 15
3.17.9-3.38
fixed
hplip-sane
suse enterprise desktop 15
3.17.9-3.38
fixed
suse enterprise sap 12 SP5
3.16.11-1.33
fixed
suse enterprise sap 15
3.17.9-3.38
fixed
suse enterprise server 12
3.14.6-3.5
fixed
suse enterprise server 12 SP2
3.14.6-3.5
fixed
suse enterprise server 12 SP3
3.16.11-1.33
fixed
suse enterprise server 12 SP4
3.16.11-1.33
fixed
suse enterprise server 12 SP5
3.16.11-1.33
fixed
suse enterprise server 15
3.17.9-3.38
fixed
Common Weakness Enumeration
References
http://security.gentoo.org/glsa/glsa-201203-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
http://www.openwall.com/lists/oss-security/2011/07/13/3
http://www.openwall.com/lists/oss-security/2011/07/18/3
http://www.openwall.com/lists/oss-security/2011/07/28/1
http://www.ubuntu.com/usn/USN-1194-1
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.novell.com/show_bug.cgi?id=698451
https://bugzilla.redhat.com/show_bug.cgi?id=721001
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
http://security.gentoo.org/glsa/glsa-201203-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
http://www.openwall.com/lists/oss-security/2011/07/13/3
http://www.openwall.com/lists/oss-security/2011/07/18/3
http://www.openwall.com/lists/oss-security/2011/07/28/1
http://www.ubuntu.com/usn/USN-1194-1
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.novell.com/show_bug.cgi?id=698451
https://bugzilla.redhat.com/show_bug.cgi?id=721001
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993