oss-security - CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <455a73db-2a18-414e-bf51-214f61d70eb1@redhat.com>
Date: Thu, 27 Nov 2025 16:11:23 +0100
From: Zdenek Dohnal <zdohnal@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update
 and related issues

Hi all,

we have CVE-2025-61915 reported by SilverPlate3 in CUPS project - it is 
moderate vulnerability with CVSS 
6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H .

The advisory covers two reported issues related to cupsd daemon, and one 
issue discovered by Mike Sweet - detailed description in advisory: 
https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc

The commits fixing the issue:

- master: 
https://github.com/OpenPrinting/cups/commit/524749b0449b49d8967d4f777854259bf22b278a

- 2.4.x: 
https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0


Have a nice day,

Zdenek

-- 
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.