Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
cups to version 1.5.0-16 or higher.