CVE-2024-47175

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47175
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47175.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47175
Downstream
Related
Published
2024-09-26T21:18:25Z
Modified
2025-11-10T19:56:43.077086Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
Details

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Git / github.com/openprinting/libppd

Affected ranges

Type
GIT
Repo
https://github.com/openprinting/libppd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d681747ebf12602cb426725eb8ce2753211e2477

Affected versions

2.*

2.0.0
2.0b1
2.0b2
2.0b3
2.0b4
2.0rc1
2.0rc2
2.1b1

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "ppd/ppd-generator.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "13657414141099091691635291782047114017",
                "179637470280244837008176563126183788885",
                "214787474153319818990581012004035173615",
                "3002717928479943997060028982643284852",
                "159096385128569896280610269371592568053",
                "77337216822729623112272161880149641434",
                "197179166822533337179531229671826243933",
                "236486196035859707569908348756523907071",
                "2689207539077521754152627809020885327",
                "128143771128332181260418942696020117809",
                "191816057321364024145406562454466065261",
                "241448865882338986400693537308424420526",
                "42507907948769242436678899590176672937",
                "268535490051602020295132333894143726053",
                "18552650359476914654606904933113723747",
                "218654107408508943343164246090326665896",
                "126819102941138640721724569274007733825",
                "251958955879168698687999741705006362759",
                "228621827500657128851565500754855978891",
                "129127384719845180631907207419521882511",
                "213727329131903225053251009554191218826",
                "83858534301478188605736077853815939731",
                "275336668951445858794979961935164211014",
                "256902588969568705132128755467119784266",
                "197083152655128572603765319948698891636",
                "113659633516486662101893316459255687167",
                "286989262126922432094027390571757481760",
                "258817121794347735289627196878053834866",
                "274337704483718356856616034585435422484",
                "241298127736859654256849988586566772368",
                "124384700796260125849356684752696994934",
                "56248146128134383788123273035983480729",
                "235041686558498289625746394354632783824",
                "247536508008872762680631757545001016681",
                "198092554591814241283982925735897035613",
                "221144883054892079824237838724905250934",
                "206719326850659574769949949142476396031",
                "273877502857049434470214113002814976785",
                "129484807128364309210581577868172087220",
                "319258179775034869895452851858110340523",
                "313061615362622851163499978762652934948",
                "172420781589553181020460183378211434261",
                "290708757369134577352858099363706373363",
                "144800020873288284653462179105109580111",
                "299130312401373186633300865533447292458",
                "8292286174073139609242814925974066265",
                "131211901393011678774332822611860086001",
                "195206238519599007661102176338445207803",
                "47016060980678851530742133160511888118",
                "308431912755519644845428383987973663235",
                "74958880418025422546509665927314083685",
                "203078994312945954043330350545691149265",
                "95716318203617130996210406223252398150",
                "265057862456991654684182045005876127407",
                "12569098522279582792281965014481650442",
                "282193087003034843766144253977827125254",
                "11966347029580499232831738599650682840",
                "55382598886309335299441209947810330305",
                "231101400534196992335644196007717423537",
                "295767610399753934124177763872583059750",
                "326640825070627513591505274123592444241",
                "289624743953558242272766566441696966965",
                "70459182367374245142793301187942896698",
                "137131752624876818288707923333641769102",
                "107471915641247555491242993247755985951",
                "209819200612645856499942254628070177660",
                "336680696334442249004603195834200942293",
                "268151872527405750980904018291686985508",
                "165110161699501584476913170886126424309",
                "247351885446184800499136619225322795099",
                "290968901442873585654157465495214344949",
                "294311141080300408006595942835005582562",
                "267767348636652854099370999974015189782",
                "44702406066619520302181542438969026301",
                "303260531109013594894998329080072593493",
                "181195692482280450610661876900299595215",
                "129731211595524586991167448730209639007",
                "240722944967476163543605039861370092207",
                "207840168773150979041291936556461565556",
                "102881950761989875032730916339249842190",
                "191379608329684548300511187297592327052",
                "139672167553202256071105392847761570408",
                "72515586160701856270742012094337608118",
                "145227599257867160988967966717158254536",
                "128536424490631507025939708434209486307",
                "216176394627956034140694645555567962588",
                "101960091654352500560157706137492665555",
                "181288121312627014024743201949027261314",
                "76469645778989027596609822384063025192",
                "114176824920081591213354761125398485919",
                "142011842845165633393399265070832672632",
                "77953199544468195115193008119598490468",
                "257044301708498123626907409243986774255",
                "125587933794456815880480451013082555252",
                "228282877543782551904059406587134805098",
                "108587633537507210242609878158511307392",
                "108587633537507210242609878158511307392",
                "294443775201104772427041204077934872502",
                "209373139445880059306204340813982200873",
                "277218306774663801064839604736944302350",
                "117523880237288078180743513566966731238",
                "189973893700652399146210155979048075895",
                "126002451306872058685072482872363737832",
                "242532180203496694743563501868879103593",
                "154058036847786256584254209099681721307",
                "79754600185094410510854520269985331501",
                "282117430771198913300089123735600926934",
                "29460670488369244428584316215189003612",
                "220291534298192626038869684245822804254",
                "201869077141721417747076525217641186186",
                "270066339609463281133663263335152775790",
                "111260188993682968939406363381878450572",
                "128376368243722700379199115157585626438",
                "112483867201262591228065868305507472791",
                "218915743757081816362336354741381799953",
                "180380180716495609054037260008802845830",
                "79122977360793943714903327496498058092",
                "324923227619856912546388394153930750824",
                "245648887213105255818736472136816146538",
                "215535444251817653331940269308545444317",
                "63016822527027298336408133304781098860",
                "169520168406106146503396510846809175995",
                "239887358579111148283699088931772363750",
                "166460879508481789302883784826577475195",
                "211061126337150266281461065104165778799",
                "16333491549774054731587748342143375783",
                "167901205595564190369119787636143196282",
                "133691693291650497868351157874037938879",
                "176230953966779655415214485419417885230",
                "263382297809294415077640770841889177345",
                "49173526359424214731431534219315002663",
                "320112716046754228734305061141567523928",
                "330900083209569436542991693912433889376",
                "240016553455410747422729945752236013074",
                "117857469224943828321789374700309041741",
                "267131271169554354011599392713089954136",
                "122608408946738826846755789549928261132",
                "242195939918807890167848840295493695320",
                "170764079486619476206189494038119819479",
                "225727472443979207923643502197200635125",
                "133068623743920565490993363129578248263",
                "324371178261061608798952586338804832144",
                "81136898388327548926084361971713502612",
                "43028556021364385481474646609447886928",
                "338505206533059922313899183885749539980",
                "157614166557928890429130745972115988953",
                "33360044503610735942790286232826407293",
                "78854007979661530816282256941513612940",
                "14726928271880367301208595255466837113",
                "27001413543773791602054007542482414505",
                "214070005360288990819732710654626139249",
                "46247228273134817642804325831112716894",
                "150524330654636382272465449067496272144",
                "103994676762065083381733712387972260113",
                "82734135911380456678053767277603248261",
                "6759737908659503237065708707546026220",
                "314385014280270433894610442643629957729",
                "337208897388496633389344882496549434814",
                "155539045161406802648530912769652922448",
                "252364559516146779480365009443467271940",
                "198394794613762105327491019841654119990",
                "185377298162314511624819964987021866248",
                "72157868577884920785264130794179595603",
                "328147112264355190953737884487143640922",
                "99168952162010758797464464267566442731",
                "191098814767141962316185724580038518056",
                "103390130309976364311614582815121552215",
                "40631159608681811960482873195241626847",
                "167214177974543023518297772351233595990",
                "186683628716940956273897486965722035718",
                "102220665752656748744092251932307248574",
                "210278171268877159429565184281535879164",
                "229476370894566260570117341033718258018",
                "249458962582342511520008558920334145042",
                "30453229203965877880602220933049028254",
                "303737757470350839231375352478387774393",
                "162771152117620862610758742036607171127",
                "35961783285829317560118075265514337516",
                "239298780820900279565277749781785388163",
                "85114403770401855809103147434844841799",
                "258109389748279026566964647982477655739",
                "118944370878808259041938147511670197574",
                "45158438520184479235476884718387893533",
                "288196935768999962270188575575962781260",
                "86591879812236938228994653932709095837",
                "223916541271667932305697690792558496027",
                "325060886801107535446926450152831318708",
                "43805239956855173919427179238306199314",
                "130670042774811695047047331534198611187",
                "324405680071135182448703176290406218932"
            ]
        },
        "deprecated": false,
        "id": "CVE-2024-47175-7df6b026",
        "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477"
    },
    {
        "target": {
            "function": "ppdPwgPpdizeName",
            "file": "ppd/ppd-cache.c"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "280364460157987776697634472120689763238",
            "length": 426.0
        },
        "deprecated": false,
        "id": "CVE-2024-47175-c8e133f6",
        "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477"
    },
    {
        "target": {
            "file": "ppd/ppd-cache.c"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314153491438704912369263063539315333306",
                "301406673067936221150408808401856488730",
                "201760927979979486478408025424736167416",
                "138835441134705449542335701499379245092",
                "44811028385488211975003700206918775367",
                "45969258807845511612267900319424176846",
                "111403921756315227801704793741612557459",
                "107536224559804136032495385112793914530",
                "13924261078458057045354860832166491141",
                "273957665075472855771183862732680239956",
                "107899844511260855802332663484614690729",
                "67279158652518878577868394095407842886",
                "196148540091889373915363239853931950429",
                "201056697143904529201950384675633328596",
                "206443931478505721985786624826116999072",
                "158917100181299899083491918329496680140",
                "122578452366751414380955526438600093832",
                "67912458911441802129486237718649581198",
                "278084674268239665865268914370473484500",
                "194251439077887421567953408577259823331",
                "257923199922340328344799252377779529270"
            ]
        },
        "deprecated": false,
        "id": "CVE-2024-47175-dcac69d5",
        "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477"
    },
    {
        "target": {
            "function": "ppdCreatePPDFromIPP2",
            "file": "ppd/ppd-generator.c"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "293079276524598589233098368722888906318",
            "length": 58062.0
        },
        "deprecated": false,
        "id": "CVE-2024-47175-ead2453f",
        "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477"
    }
]