Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
cups to version 1.5.0-16 or higher.