{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39314", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T19:31:07.266Z", "datePublished": "2026-04-07T16:59:23.808Z", "dateUpdated": "2026-04-07T18:34:19.683Z"}, "containers": {"cna": {"title": "CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`", "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "lang": "en", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7"}], "affected": [{"vendor": "OpenPrinting", "product": "cups", "versions": [{"version": "<= 2.4.16", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T16:59:23.808Z"}, "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service."}], "source": {"advisory": "GHSA-pp8w-2g52-7vj7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T18:34:10.694006Z", "id": "CVE-2026-39314", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T18:34:19.683Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A2A4507-B2D7-43B8-B008-6EC2F5053FA9", "versionEndIncluding": "2.4.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service."}], "id": "CVE-2026-39314", "lastModified": "2026-04-16T18:13:32.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-07T17:16:37.073", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "cups: CUPS: Denial of Service via integer underflow in IPP attribute handling", "id": "2456107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-191", "details": ["A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-39314", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-07T16:59:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-39314\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-39314\nhttps://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7"], "statement": "This Moderate impact vulnerability in CUPS allows an unprivileged local user to trigger a denial of service by providing a specially crafted IPP attribute. This can repeatedly crash the `cupsd` root process, leading to a sustained denial of service on Red Hat Enterprise Linux systems where CUPS is enabled.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.4.16]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "cups", "source": "cna", "vendor": "OpenPrinting"}, "product": "cups", "vendor": "openprinting"}], "analysis": {"en": {"generated_at": "2026-04-07T22:05:18.720805+00:00", "value": {"mitigation_remediation": ["Update CUPS to version 2.4.17 or later according to the advisory at https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7", "If an immediate upgrade is not possible, restrict local access to the cupsd service or disable printing until the update is applied", "Monitor system logs for repeated SIGSEGV failures that may indicate survivors of the crash"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "OpenPrinting CUPS, versions 2.4.16 and earlier, running on Linux and other Unix\u2011like operating systems, is affected. This includes the standard cupsd service that processes print jobs and is often started automatically via systemd.", "description_and_impact": "The integer underflow occurs in the _ppdCreateFromIPP function when the job-password-supported IPP attribute is supplied as a negative value. The bounds check only caps the upper limit, allowing the negative value to pass validation and be cast to a size_t. That value is then used as the length argument to memset on a 33\u2011byte stack buffer, causing an immediate segmentation fault in the cupsd root process. The result is a denial of service that can be repeatedly triggered by an unprivileged local user.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a low overall risk, and the exploit probability is not published. The vulnerability has not been listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The attack vector is local; an unprivileged user can send a crafted print job containing a negative job-password-supported attribute to trigger the crash. Because systemd is configured to restart cupsd on failure, the denial of service can be sustained until the service is patched or stopped. No remote exploitation path is reported."}}}}, "created": "2026-04-08T19:36:31.489422+00:00", "updated": "2026-04-08T19:47:34.441813+00:00", "vendors": ["openprinting", "openprinting$PRODUCT$cups"]}