MEDIUM🇬🇧 English

CVE-2026-41079

CVSS 4.3v3.1pub. 2026-04-24upd. 2026-04-27

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Openprinting Cups

    APP
    Openprinting
    < 2.4.17
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2025-58060HIGH8.0ten sam produkt

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...

CVE-2023-4504HIGH7.0ten sam produkt

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libp...

CVE-2023-32324HIGH7.5ten sam produkt

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulne...

CVE-2026-39314MEDIUM4.0ten sam produkt

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...

CVE-2026-39316MEDIUM4.0ten sam produkt

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...