Bug 2456107 (CVE-2026-39314) - CVE-2026-39314 cups: CUPS: Denial of Service via integer underflow in IPP attribute handling
Keywords:
Status: NEW
Alias: CVE-2026-39314
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2456362
Blocks:
Reported: 2026-04-07 18:02 UTC by OSIDB Bzimport
Modified: 2026-04-08 06:04 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-07 18:02:39 UTC
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service.
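
The length handling described above, reduced to an added C sketch that is not CUPS source code and not the upstream fix: it shows the upper-bound-only check letting a negative value wrap on conversion to size_t, beside a check that validates both bounds before the conversion. The function names, the fill character and the sample values are assumptions made for illustration; only the 33-byte buffer size comes from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MASK_BUF_SIZE 33  /* 33-byte stack buffer, as in the description */

/* Flawed pattern: only the upper bound is capped, so a negative value
 * survives the check and wraps when converted to size_t. The result is
 * only returned for inspection; it is never passed to memset() here. */
static size_t len_upper_bound_only(int maxlen)
{
    if (maxlen > MASK_BUF_SIZE - 1)
        maxlen = MASK_BUF_SIZE - 1;
    return (size_t)maxlen;            /* -1 becomes SIZE_MAX */
}

/* Hardened pattern (one possible choice): treat negative input as zero
 * and cap the upper bound, all before the signed-to-unsigned conversion. */
static size_t len_both_bounds(int maxlen)
{
    if (maxlen < 0)
        return 0;
    if (maxlen > MASK_BUF_SIZE - 1)
        maxlen = MASK_BUF_SIZE - 1;
    return (size_t)maxlen;
}

/* Fill a NUL-terminated mask using the hardened length; returns bytes set. */
static size_t build_mask(char *out, size_t outsize, int maxlen)
{
    size_t n = len_both_bounds(maxlen);
    if (outsize == 0)
        return 0;
    if (n > outsize - 1)
        n = outsize - 1;
    memset(out, '*', n);              /* '*' is an arbitrary fill character */
    out[n] = '\0';
    return n;
}

int main(void)
{
    char mask[MASK_BUF_SIZE];
    int samples[] = { -1, 0, 8, 32, 1000 };  /* constructed attribute values */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("value=%d flawed_len=%zu safe_len=%zu written=%zu\n", samples[i],
               len_upper_bound_only(samples[i]), len_both_bounds(samples[i]),
               build_mask(mask, sizeof(mask), samples[i]));
    return 0;
}
```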

