CVE-2024-47076

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47076
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47076.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47076
Aliases
Related
Published
2024-09-26T22:15:04Z
Modified
2024-10-03T05:49:49.022895Z
Summary
[none]
Details

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

References

Affected packages

Debian:11 / cups-filters

Package

Name
cups-filters
Purl
pkg:deb/debian/cups-filters?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.7-1+deb11u3

Affected versions

1.*

1.28.7-1
1.28.7-1+deb11u1
1.28.7-1+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups-filters

Package

Name
cups-filters
Purl
pkg:deb/debian/cups-filters?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.17-3+deb12u1

Affected versions

1.*

1.28.17-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups-filters

Package

Name
cups-filters
Purl
pkg:deb/debian/cups-filters?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.17-5

Affected versions

1.*

1.28.17-3
1.28.17-3.1~exp1
1.28.17-3.1
1.28.17-4
1.28.17-4.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libcupsfilters

Package

Name
libcupsfilters
Purl
pkg:deb/debian/libcupsfilters?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0-3

Affected versions

2.*

2.0.0-1
2.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}