CVE-2026-41079
EUVD-2026-2557424.04.2026, 17:16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openprinting | cups | 𝑥 < 2.4.17 |
𝑥
= Vulnerable software versions
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| cups |
| ||
| cups-client |
| ||
| cups-client-debuginfo |
| ||
| cups-debuginfo |
| ||
| cups-debugsource |
| ||
| cups-devel |
| ||
| cups-filesystem |
| ||
| cups-ipptool |
| ||
| cups-ipptool-debuginfo |
| ||
| cups-libs |
| ||
| cups-libs-debuginfo |
| ||
| cups-lpd |
| ||
| cups-lpd-debuginfo |
| ||
| cups-printerapp |
| ||
| cups-printerapp-debuginfo |
|
Common Weakness Enumeration
Vulnerability Media Exposure
References