CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openprinting
Openprinting libcupsfilters |
|
CPEs | cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:* | |
Vendors & Products |
Openprinting
Openprinting libcupsfilters |
|
Metrics |
ssvc
|
Thu, 26 Sep 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 26 Sep 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 26 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. | |
Title | libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server | |
Weaknesses | CWE-20 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-26T21:18:22.067Z
Updated: 2024-09-27T18:03:28.585Z
Reserved: 2024-09-17T17:42:37.030Z
Link: CVE-2024-47076
Vulnrichment
Updated: 2024-09-27T18:03:19.816Z
NVD
Status : Received
Published: 2024-09-26T22:15:04.063
Modified: 2024-09-26T22:15:04.063
Link: CVE-2024-47076
Redhat