Home > Vulnerability Database > CVE-2024-47175

Mend.io Vulnerability Database

CVE-2024-47175

Good to know:

Date: September 26, 2024

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Language: C

Severity Score

8.6

Related Resources (8)

Url: https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47175

Url: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47

Url: https://www.cups.org

Url: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5

Url: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

Url: https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

Url: https://www.mend.io/vulnerability-database/CVE-2024-47175

Severity Score

8.6

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version d681747ebf12602cb426725eb8ce2753211e2477

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47175

Good to know:

Date: September 26, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?