OpenPrinting CUPS: Heap overflow in `get_options()`

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.

Affected Products

Vendor	Product	Versions
openprinting	cups	<= 2.4.16

References

https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh(x_refsource_CONFIRM)

Related News (2 articles)

Tier C

VulDB6h ago

CVE-2026-34979 | OpenPrinting CUPS up to 2.4.16 on Linux Attributes heap-based overflow

→ No new info (linked only)

Tier B

BSI Advisories2d ago

[NEU] [mittel] CUPS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.15.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-122

PublishedApr 3, 2026

Last enriched6h agov2

Trending Score59

Source articles2

Independent2

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v16h ago

Initial creation

OpenPrinting CUPS: Heap overflow in `get_options()`

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History