Vulnerability Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenPrinting | CUPS | < 2.4.15 |
Related Weaknesses (CWE)
References
- https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6 (Patch)
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.15 (Release Notes)
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr (Exploit, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/11/27/4 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2025-58436?
CVE-2025-58436 is a vulnerability with a CVSS score of 5.1 (MEDIUM). OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byt...
How severe is CVE-2025-58436?
CVE-2025-58436 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-58436?
Check the references section above for vendor advisories and patch information. Affected products include: OpenPrinting CUPS.