The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.
Conclusion & alert: CVE-2005-2874 is rated High Exploit Risk (62.8/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.43%). Core evidence: 2 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-06-30 | 1.54% | 1.43% | -0.10% |
| 2 | 2025-03-30 | 4.19% | 1.54% | -2.65% |
| 3 | 2025-03-29 | — | 4.19% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2005-2874 not yet assigned priority: Debian including 1 source packages (cups), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2005-2874 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2005-2874 |
ubuntu
|
medium | CVE-2005-2874 medium priority: Ubuntu including 1 source packages (cupsys), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): not-affected 3, needs-triage 1. | https://ubuntu.com/security/CVE-2005-2874 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| easy_software_products | cups | 1.1 | cpe:2.3:a:easy_software_products:cups:1.1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.1 | cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.2 | cpe:2.3:a:easy_software_products:cups:1.1.2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.3 | cpe:2.3:a:easy_software_products:cups:1.1.3:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.4 | cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.5 | cpe:2.3:a:easy_software_products:cups:1.1.5:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.5_1 | cpe:2.3:a:easy_software_products:cups:1.1.5_1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.5_2 | cpe:2.3:a:easy_software_products:cups:1.1.5_2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.6 | cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.6_1 | cpe:2.3:a:easy_software_products:cups:1.1.6_1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.6_2 | cpe:2.3:a:easy_software_products:cups:1.1.6_2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.6_3 | cpe:2.3:a:easy_software_products:cups:1.1.6_3:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.7 | cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.8 | cpe:2.3:a:easy_software_products:cups:1.1.8:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.9 | cpe:2.3:a:easy_software_products:cups:1.1.9:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.9_1 | cpe:2.3:a:easy_software_products:cups:1.1.9_1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.10 | cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.10_1 | cpe:2.3:a:easy_software_products:cups:1.1.10_1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.11 | cpe:2.3:a:easy_software_products:cups:1.1.11:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.12 | cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.13 | cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.14 | cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.15 | cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.16 | cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.17 | cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.18 | cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19 | cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19_rc1 | cpe:2.3:a:easy_software_products:cups:1.1.19_rc1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19_rc2 | cpe:2.3:a:easy_software_products:cups:1.1.19_rc2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19_rc3 | cpe:2.3:a:easy_software_products:cups:1.1.19_rc3:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19_rc4 | cpe:2.3:a:easy_software_products:cups:1.1.19_rc4:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.19_rc5 | cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20 | cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc1 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc2 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc3 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc3:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc4 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc4:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc5 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc5:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.20_rc6 | cpe:2.3:a:easy_software_products:cups:1.1.20_rc6:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.21 | cpe:2.3:a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.21_rc1 | cpe:2.3:a:easy_software_products:cups:1.1.21_rc1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.21_rc2 | cpe:2.3:a:easy_software_products:cups:1.1.21_rc2:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.22 | cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.22_rc1 | cpe:2.3:a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:* |
| easy_software_products | cups | 1.1.22_rc2 | cpe:2.3:a:easy_software_products:cups:1.1.22_rc2:*:*:*:*:*:*:* |