
CVE-2024-47076

Published: 26 Sep 2024
Source: redhat
CVSS3: 8.2
EPSS: High

Description

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.

Mitigation

See the security bulletin for a detailed mitigation procedure.

Additional information

Status: Important
Weakness: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2314253
cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

EPSS

Percentile: 99%
0.80626
High

8.2 High

CVSS3

Related vulnerabilities

CVSS3: 8.6
ubuntu
9 months ago

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

CVSS3: 8.6
nvd
9 months ago

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

CVSS3: 8.6
debian
9 months ago

CUPS is a standards-based, open-source printing system, and `libcupsfi ...

CVSS3: 6.8
fstec
9 months ago

Vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the CUPS print server, allowing an attacker to disclose protected information

suse-cvrf
8 months ago

Security update for cups-filters
