CVE-2014-8166 (retired)

Priority
Description
The browsing feature in the server in CUPS does not filter ANSI escape
sequences from shared printer names, which might allow remote attackers to
execute arbitrary code via a crafted printer name.
Notes
 sbeattie> printer names with ANSI escape sequences were allowed, can
 sbeattie> cause issues when doing lpstat -a in a terminal
 sbeattie> requires malicious adding of printers
 mdeslaur> this code was removed in cups 1.6
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Patches:
Redhat:https://bugzilla.redhat.com/attachment.cgi?id=916761
More Information

Updated: 2019-09-19 15:51:07 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)