CVE-2025-61915

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

Database specific

{
    "cwe_ids": [
        "CWE-124",
        "CWE-129"
    ]
}

References

Affected packages

Git / github.com/openprinting/cups

Affected ranges

Type: GIT
Repo: https://github.com/openprinting/cups
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

433af45db06759081d4f3cd606e08ca634fc490a

Affected versions

v2.*

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2b1

v2.2b2

v2.2rc1

v2.3.0

v2.3.1

v2.3.3

v2.3.3op1

v2.3.3op2

v2.3b1

v2.3b2

v2.3b3

v2.3b4

v2.3b5

v2.3b6

v2.3b7

v2.3b8

v2.3rc1

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.12

v2.4.13

v2.4.14

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.4b1

v2.4rc1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "cups/cups.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "77478087155392166827753678322261110249",
                "199629161088706978755561407205027215243",
                "242761163277272059188145473982024142479",
                "31183038617601839798647281261141047645",
                "290956483188464259330199195401068909924",
                "47716117503936234012778123479968869248",
                "127641381619247502457438674603461877569"
            ]
        },
        "id": "CVE-2025-61915-43860eb9",
        "signature_type": "Line",
        "source": "https://github.com/openprinting/cups/commit/433af45db06759081d4f3cd606e08ca634fc490a",
        "signature_version": "v1"
    }
]