Описание
CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.4.10-1ubuntu2 |
| esm-infra/bionic | released | 2.2.7-1ubuntu2.10+esm6 |
| esm-infra/focal | not-affected | 2.3.1-9ubuntu1.9 |
| esm-infra/xenial | released | 2.1.3-4ubuntu0.11+esm8 |
| focal | released | 2.3.1-9ubuntu1.9 |
| jammy | released | 2.4.1op1-1ubuntu4.11 |
| noble | released | 2.4.7-1.2ubuntu7.3 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:2.1~b1-0ubuntu2 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | released | 2:2.0.0-0ubuntu4.1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
8.6 High
CVSS3
Связанные уязвимости
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CUPS is a standards-based, open-source printing system, and `libppd` c ...
EPSS
8.6 High
CVSS3