Arbitrary code execution and privilege escalation via integer overflow in hpcups
Summary
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data. A flaw was found in HP Linux Imaging and Printing Software (HPLIP). An integer overflow in the hpcups processing path when handling crafted print data may lead to arbitrary code execution or privilege escalation on the affected system. HPLIP's hpcups component is vulnerable to integer overflow when processing crafted print data. A remote attacker who can submit print job content to the hpcups filter path may achieve arbitrary code execution or privilege escalation on systems using HPLIP for printing. Red Hat severity: Important — CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-190. Fixed by RHSA-2026:26228, RHSA-2026:26335, RHSA-2026:26297 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6.
- hplip-0:3.21.2-6.el9_8.4
- hplip-0:3.23.12-10.el10_2.4
- hplip-0:3.18.4-13.el8_10
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- hplip-0:3.23.12-10.el10_2.4
- hplip-0:3.18.4-13.el8_10
- hplip-0:3.21.2-6.el9_8.4
- RHSA-2026:26228
- RHSA-2026:26335
- RHSA-2026:26297
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:26297 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.