Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-47175

Date: September 26, 2024

CUPS is a standards-based, open-source printing system, and "libppd" can be used for legacy PPD file support. The "libppd" function "ppdCreatePPDFromIPP2" does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as "cfGetPrinterAttributes5", can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Language: C

Severity Score

Related Resources (13)

https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://security-tracker.debian.org/tracker/CVE-2024-47175
http://www.openwall.com/lists/oss-security/2024/09/27/3
https://security.alpinelinux.org/vuln/CVE-2024-47175
https://nvd.nist.gov/vuln/detail/CVE-2024-47175
https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://www.cups.org
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://www.mend.io/vulnerability-database/CVE-2024-47175

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us