{"id":"AZL-71146","summary":"CVE-2025-61915 affecting package cups for versions less than 2.4.16-1","details":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.","modified":"2026-04-01T05:22:01.745258Z","published":"2025-11-29T03:15:59Z","upstream":["CVE-2025-61915"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61915"}],"affected":[{"package":{"name":"cups","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/cups"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.16-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71146.json"}}],"schema_version":"1.7.5"}