The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
https://bugzilla.redhat.com/show_bug.cgi?id=1084577
http://www.securityfocus.com/bid/73300