Arbitrary Command Execution in cups-filters (CVE-2014-2707)

Arbitrary Command Execution in cups-filters (CVE-2014-2707)

CVE-2015-2265 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

Learn more about our Web Application Penetration Testing UK.