CVE-2024-47175

2024-09-2622:15:04

Debian Security Bug Tracker

security-tracker.debian.org

cups

printing system

libppd

ipp attributes

code execution

exploit chain

remote code execution

unix

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

Percentile

14.9%

JSON

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

OSVersionArchitecturePackageVersionFilename
Debian12allcups<= 2.4.2-3+deb12u7cups_2.4.2-3+deb12u7_all.deb
Debian11allcups<= 2.3.3op2-3+deb11u8cups_2.3.3op2-3+deb11u8_all.deb
Debian999allcups<= 2.4.10-2cups_2.4.10-2_all.deb
Debian13allcups<= 2.4.10-1cups_2.4.10-1_all.deb
Debian12alllibppd< 2:0.10-9libppd_2:0.10-9_all.deb
Debian11alllibppd< 2:0.10-7.3libppd_2:0.10-7.3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cups	<= 2.4.2-3+deb12u7	cups_2.4.2-3+deb12u7_all.deb
Debian	11	all	cups	<= 2.3.3op2-3+deb11u8	cups_2.3.3op2-3+deb11u8_all.deb
Debian	999	all	cups	<= 2.4.10-2	cups_2.4.10-2_all.deb
Debian	13	all	cups	<= 2.4.10-1	cups_2.4.10-1_all.deb
Debian	12	all	libppd	< 2:0.10-9	libppd_2:0.10-9_all.deb
Debian	11	all	libppd	< 2:0.10-7.3	libppd_2:0.10-7.3_all.deb