CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openprinting
Openprinting libppd |
|
CPEs | cpe:2.3:a:openprinting:libppd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Openprinting
Openprinting libppd |
|
Metrics |
ssvc
|
Thu, 26 Sep 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 26 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. | |
Title | libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer | |
Weaknesses | CWE-20 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-26T21:18:25.265Z
Updated: 2024-09-27T14:43:16.814Z
Reserved: 2024-09-19T22:32:11.962Z
Link: CVE-2024-47175
Vulnrichment
Updated: 2024-09-27T08:03:37.194Z
NVD
Status : Received
Published: 2024-09-26T22:15:04.283
Modified: 2024-09-26T22:15:04.283
Link: CVE-2024-47175
Redhat