Strix
26.1K

CVE-2015-8560

UnknownEPSS 5.25%

Last modified

CVE-2015-8560 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.. EPSS estimates a 5.25% chance of exploitation in the next 30 days.

Description

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

Metrics

EPSS Probability
5.25%

91.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
CanonicalUbuntu Linux12.04
CanonicalUbuntu Linux14.04
CanonicalUbuntu Linux15.04
CanonicalUbuntu Linux15.10
DebianDebian Linux8.0
LinuxfoundationCups-Filters1.0.42
LinuxfoundationCups-Filters1.0.43
LinuxfoundationCups-Filters1.0.44
LinuxfoundationCups-Filters1.0.45
LinuxfoundationCups-Filters1.0.46
LinuxfoundationCups-Filters1.0.47
LinuxfoundationCups-Filters1.0.48
LinuxfoundationCups-Filters1.0.49
LinuxfoundationCups-Filters1.0.50
LinuxfoundationCups-Filters1.0.51
LinuxfoundationCups-Filters1.0.52
LinuxfoundationCups-Filters1.0.53
LinuxfoundationCups-Filters1.0.54
LinuxfoundationCups-Filters1.0.55
LinuxfoundationCups-Filters1.0.56
LinuxfoundationCups-Filters1.0.57
LinuxfoundationCups-Filters1.0.58
LinuxfoundationCups-Filters1.0.59
LinuxfoundationCups-Filters1.0.60
LinuxfoundationCups-Filters1.0.61
LinuxfoundationCups-Filters1.0.62
LinuxfoundationCups-Filters1.0.63
LinuxfoundationCups-Filters1.0.64
LinuxfoundationCups-Filters1.0.65
LinuxfoundationCups-Filters1.0.66
LinuxfoundationCups-Filters1.0.67
LinuxfoundationCups-Filters1.0.68
LinuxfoundationCups-Filters1.0.69
LinuxfoundationCups-Filters1.0.70
LinuxfoundationCups-Filters1.0.71
LinuxfoundationCups-Filters1.0.72
LinuxfoundationCups-Filters1.0.73
LinuxfoundationCups-Filters1.0.74
LinuxfoundationCups-Filters1.0.75
LinuxfoundationCups-Filters1.0.76
LinuxfoundationCups-Filters1.1.0
LinuxfoundationCups-Filters1.2.0
LinuxfoundationCups-Filters1.3.0
LinuxfoundationFoomatic-Filters4.0.0
LinuxfoundationFoomatic-Filters4.0.1
LinuxfoundationFoomatic-Filters4.0.2
LinuxfoundationFoomatic-Filters4.0.3
LinuxfoundationFoomatic-Filters4.0.4
LinuxfoundationFoomatic-Filters4.0.5
LinuxfoundationFoomatic-Filters4.0.6

Showing 50 of 61 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-8560?
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
How severe is CVE-2015-8560?
Severity scoring for CVE-2015-8560 is pending analysis. The EPSS model estimates a 5.25% probability of exploitation in the next 30 days.
How do I fix CVE-2015-8560?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8560?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST