CVE-2025-61915

OpenPrinting CUPS vulnerable to stack based out-of-bound write

CVSS 3.1 base score: 6.0 (MEDIUM)
EPSS: 0.4%
CWE-124, CWE-129
In short

A user in the lpadmin group (printer administrator rights) can use the CUPS web interface to insert a crafted line into the server configuration. When the root-privileged cupsd process re-parses that configuration, it writes outside the intended stack buffer. A stack out-of-bounds write in a root process is the kind of bug that can sometimes be escalated to code execution, but the advisory and its CVSS scoring (C:N/I:N/A:H) treat this one as a denial of service: the attacker can crash cupsd.

Technical detail

CWE-124 (buffer underwrite) and CWE-129 (improper validation of an array index) exist in CUPS configuration parsing prior to v2.4.15. An authenticated attacker who is a member of the lpadmin group can inject a crafted configuration line via the web UI; the root-privileged cupsd process then writes beyond the allocated stack buffer while parsing the new configuration. The CVSS vector (AV:L, PR:H, A:H) reflects that the attacker already holds printer-admin privileges and that the scored impact is a crash of cupsd; the web UI listens on localhost by default, so the practical attack surface is larger on hosts where cupsd has been configured to listen on the network. The fix is to upgrade to 2.4.15 or later.
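The two facts that determine exposure are the installed CUPS version (fixed in 2.4.15) and who is in the lpadmin group. The following script is an added example, not code from the advisory or from the CUPS project; it reads the version from `cups-config --version` (a real CUPS tool), lists lpadmin members from the system group database, and combines both into a verdict. The `group_db` parameter is an assumption of this example that lets a caller inject a fake group table for offline testing.

```python
#!/usr/bin/env python3
"""Exposure check for CVE-2025-61915: CUPS before 2.4.15 with lpadmin members.

Added example, not part of the advisory or of CUPS itself.
"""
import grp
import re
import shutil
import subprocess

# The advisory states the issue is patched in 2.4.15.
FIXED_VERSION = (2, 4, 15)


def parse_version(text):
    """Extract a dotted x.y.z version from output such as '2.4.12' or 'CUPS v2.4.2op1'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """True when the installed version predates the fix."""
    return tuple(version) < FIXED_VERSION


def installed_cups_version():
    """Return the installed CUPS version, or None when cups-config is not present."""
    exe = shutil.which("cups-config")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False).stdout
    return parse_version(out)


def lpadmin_members(group_db=None):
    """Return sorted supplementary members of lpadmin.

    group_db is a hypothetical hook for this example: a dict {group_name: [members]}
    used instead of the real group database, so the function can be tested offline.
    Note that users whose *primary* group is lpadmin do not appear in gr_mem.
    """
    if group_db is not None:
        return sorted(group_db.get("lpadmin", []))
    try:
        entry = grp.getgrnam("lpadmin")
    except KeyError:
        return []
    return sorted(entry.gr_mem)


def assess(version, members):
    """Combine version and group membership into a one-line verdict."""
    if not is_vulnerable(version):
        return "patched"
    if members:
        return "vulnerable: lpadmin members " + ", ".join(members) + " can reach the web UI config editor"
    return "vulnerable: no lpadmin members today, but any account added to lpadmin can trigger it"


if __name__ == "__main__":
    version = installed_cups_version()
    if version is None:
        print("cups-config not found; CUPS may not be installed on this host")
    else:
        print(f"CUPS {'.'.join(map(str, version))}: {assess(version, lpadmin_members())}")
```

Two caveats when using this on real hosts: distributions often backport the fix without bumping the upstream version string, so a "vulnerable" verdict based on the version alone should be confirmed against the distribution's own advisory; and the group check only sees supplementary membership, so also inspect accounts whose primary group is lpadmin.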

Summary generated and translated by AI from the official description.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected products
OpenPrinting · cups (versions prior to 2.4.15; fixed in 2.4.15)
