Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-47175

Опубликовано: 26 сент. 2024
Источник: debian
EPSS Средний

Описание

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
cupsfixed2.4.10-2package
libppdnot-affectedpackage

Примечания

  • https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

  • https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

  • Introduced after: https://github.com/OpenPrinting/libppd/commit/788993656f8e9260961c42c140ff2b5a07d364aa (2.0b1)

  • Fixed by: https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477

  • Additional bugfixes (https://www.openwall.com/lists/oss-security/2024/09/27/3)

  • https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5

  • https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69

  • https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844

  • https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd

  • https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b

EPSS

Процентиль: 96%
0.28751
Средний

Связанные уязвимости

ubuntu логотип

CVE-2024-47175

CVSS3: 8.6
ubuntu
9 месяцев назад

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

redhat логотип

CVE-2024-47175

CVSS3: 7.7
redhat
9 месяцев назад

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

nvd логотип

CVE-2024-47175

CVSS3: 8.6
nvd
9 месяцев назад

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

rocky логотип

RLSA-2025:0083

rocky
5 месяцев назад

Low: cups security update

oracle-oval логотип

ELSA-2025-0083

oracle-oval
5 месяцев назад

ELSA-2025-0083: cups security update (LOW)

EPSS

Процентиль: 96%
0.28751
Средний