What is CVE-2015-8327?

CVE-2015-8327 is a vulnerability in Linuxfoundation Cups-filters. Published 2015-12-17.

Is CVE-2015-8327 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linuxfoundation Cups-filters

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

EPSS: 0.181 (95.3th percentile) — read the EPSS interpretation.

Affected products

Linuxfoundation Cups-filters — versions 1.0.42, 1.0.43, 1.0.44
Linuxfoundation Foomatic-filters — versions 4.0.0, 4.0.1, 4.0.2
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
Debian Debian_linux — versions 8.0
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_hpc_node — versions 6.0
Redhat Enterprise_linux_server — versions 6.0
Redhat Enterprise_linux_server_eus — versions 6.7.z
Redhat Enterprise_linux_workstation — versions 6.0
N/a — versions n/a

Public proof-of-concept exploits

andir/nixos-issue-db-example

References

USN-2831-1 (x_refsource_UBUNTU, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
78524 (vdb-entry, x_refsource_BID)
[debian-printing] 20151126 cups-filters 1.2.0 released! (mailing-list, x_refsource_MLIST)
USN-2831-2 (x_refsource_UBUNTU, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-3429 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2016:0491 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2015-8327?: CVE-2015-8327 is a vulnerability in Linuxfoundation Cups-filters. Published 2015-12-17.
Is CVE-2015-8327 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.