The vulnerability is an RCE in CUPS that allows an attacker to execute arbitrary commands when sending a print job. The disclosure has already been leaked: https://news.ycombinator.com/item?id=41662355