CVE-2017-15400

Published: 07 February 2018

Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
Upstream
Released (2.2.2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.2.6-5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41
Upstream: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b