GitHub_MVULNRICHMENT:CVE-2024-47175CVE-2024-47175 libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:openprinting:libppd:*:*:*:*:*:*:*:*"
],
"vendor": "openprinting",
"product": "libppd",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.1b1"
}
],
"defaultStatus": "unknown"
}
]References
github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
www.cups.org
www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total