CVE-2024-47076

Severity: High · CVSS 3.1: 8.6 · EPSS 99.6%
Published Sep 26, 2024 · Modified Jun 17, 2026

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system.

CVSS Details

Base Score: 8.6
Exploitability: 3.9
Impact: 4.0
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 99.6% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 2

Vendor        Product         Version  Range
openprinting  libcupsfilters  *        ≤2.0.0
openprinting  libcupsfilters  2.1      any

References 9

  • github.com https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
    Not Applicable
  • github.com https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
    Not Applicable
  • github.com https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
    Patch
  • github.com https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
    Exploit, Vendor Advisory
  • github.com https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
    Not Applicable
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html
  • security.netapp.com https://security.netapp.com/advisory/ntap-20241011-0001/
  • cups.org https://www.cups.org
    Product
  • evilsocket.net https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
    Patch