CVE-2015-8560

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
debiandebian_linux
8.0
linuxfoundationcups-filters
1.0.42
linuxfoundationcups-filters
1.0.43
linuxfoundationcups-filters
1.0.44
linuxfoundationcups-filters
1.0.45
linuxfoundationcups-filters
1.0.46
linuxfoundationcups-filters
1.0.47
linuxfoundationcups-filters
1.0.48
linuxfoundationcups-filters
1.0.49
linuxfoundationcups-filters
1.0.50
linuxfoundationcups-filters
1.0.51
linuxfoundationcups-filters
1.0.52
linuxfoundationcups-filters
1.0.53
linuxfoundationcups-filters
1.0.54
linuxfoundationcups-filters
1.0.55
linuxfoundationcups-filters
1.0.56
linuxfoundationcups-filters
1.0.57
linuxfoundationcups-filters
1.0.58
linuxfoundationcups-filters
1.0.59
linuxfoundationcups-filters
1.0.60
linuxfoundationcups-filters
1.0.61
linuxfoundationcups-filters
1.0.62
linuxfoundationcups-filters
1.0.63
linuxfoundationcups-filters
1.0.64
linuxfoundationcups-filters
1.0.65
linuxfoundationcups-filters
1.0.66
linuxfoundationcups-filters
1.0.67
linuxfoundationcups-filters
1.0.68
linuxfoundationcups-filters
1.0.69
linuxfoundationcups-filters
1.0.70
linuxfoundationcups-filters
1.0.71
linuxfoundationcups-filters
1.0.72
linuxfoundationcups-filters
1.0.73
linuxfoundationcups-filters
1.0.74
linuxfoundationcups-filters
1.0.75
linuxfoundationcups-filters
1.0.76
linuxfoundationcups-filters
1.1.0
linuxfoundationcups-filters
1.2.0
linuxfoundationcups-filters
1.3.0
linuxfoundationfoomatic-filters
4.0.0
linuxfoundationfoomatic-filters
4.0.1
linuxfoundationfoomatic-filters
4.0.2
linuxfoundationfoomatic-filters
4.0.3
linuxfoundationfoomatic-filters
4.0.4
linuxfoundationfoomatic-filters
4.0.5
linuxfoundationfoomatic-filters
4.0.6
linuxfoundationfoomatic-filters
4.0.7
linuxfoundationfoomatic-filters
4.0.8
linuxfoundationfoomatic-filters
4.0.9
linuxfoundationfoomatic-filters
4.0.10
linuxfoundationfoomatic-filters
4.0.11
linuxfoundationfoomatic-filters
4.0.12
linuxfoundationfoomatic-filters
4.0.13
linuxfoundationfoomatic-filters
4.0.14
linuxfoundationfoomatic-filters
4.0.15
linuxfoundationfoomatic-filters
4.0.16
linuxfoundationfoomatic-filters
4.0.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cups-filters
bullseye
1.28.7-1+deb11u2
fixed
wheezy
not-affected
bullseye (security)
1.28.7-1+deb11u3
fixed
bookworm
1.28.17-3
fixed
bookworm (security)
1.28.17-3+deb12u1
fixed
sid
1.28.17-5
fixed
trixie
1.28.17-5
fixed
foomatic-filters
bullseye
4.0.17-12
fixed
wheezy
not-affected
sid
4.0.17-16
fixed
trixie
4.0.17-16
fixed
bookworm
4.0.17-16
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cups-filters
xenial
not-affected
wily
Fixed 1.0.76-1ubuntu0.2
released
vivid
Fixed 1.0.67-0ubuntu2.6
released
trusty
Fixed 1.0.52-0ubuntu1.7
released
precise
not-affected
foomatic-filters
xenial
not-affected
wily
ignored
vivid
ignored
trusty
Fixed 4.0.17-1+deb7u1ubuntu0.14.04.1
released
precise
Fixed 4.0.16-0ubuntu0.4
released
References
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
http://rhn.redhat.com/errata/RHSA-2016-0491.html
http://www.debian.org/security/2015/dsa-3419
http://www.debian.org/security/2015/dsa-3429
http://www.openwall.com/lists/oss-security/2015/12/13/2
http://www.openwall.com/lists/oss-security/2015/12/14/13
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.ubuntu.com/usn/USN-2838-1
http://www.ubuntu.com/usn/USN-2838-2
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
http://rhn.redhat.com/errata/RHSA-2016-0491.html
http://www.debian.org/security/2015/dsa-3419
http://www.debian.org/security/2015/dsa-3429
http://www.openwall.com/lists/oss-security/2015/12/13/2
http://www.openwall.com/lists/oss-security/2015/12/14/13
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.ubuntu.com/usn/USN-2838-1
http://www.ubuntu.com/usn/USN-2838-2