Launchpad.net

CVE 2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

See the CVE page on Mitre.org for more details.