CVE-2015-2265

Description

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

How to fix CVE-2015-2265

To remediate CVE-2015-2265, upgrade the affected package to a fixed version below.

• Debian/cups-filters—upgrade to 1.0.61-5 or later

Is CVE-2015-2265 being exploited?

Moderate — EPSS is 5.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.0.61-5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-2265