Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
cups to version 1.5.0-16 or higher.