CVE-2024-47175

CRITICAL EPSS 99.4%
Published Sep 26, 20241y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Sep 26, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 3

VendorProductVersionRange
openprintinglibppd* ≤2.0.0
openprintinglibppd2.1any
debiandebian_linux11.0any

References 11

  • openwall.com http://www.openwall.com/lists/oss-security/2024/09/27/3
    Mailing List
  • github.com https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
    Not Applicable
  • github.com https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
    Not Applicable
  • github.com https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
    Not Applicable
  • github.com https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
    Patch
  • github.com https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
    ExploitVendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html
    Mailing List
  • psirt.global.sonicwall.com https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0016
  • security.netapp.com https://security.netapp.com/advisory/ntap-20241011-0001/
  • cups.org https://www.cups.org
    Product
  • evilsocket.net https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
    Patch