CVE-2024-47175

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47175

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47175.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47175

Aliases

CVE-2024-47076
CVE-2024-47176
CVE-2024-47177
GHSA-7xfx-47qg-grp6
GHSA-p9rh-jxmq-gq47
GHSA-rj88-6mr5-rcw8
GHSA-w63j-6g73-wmg5

Related

Published

2024-09-26T22:15:04Z

Modified

2024-10-03T05:53:03.705735Z

Summary

[none]

Details

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

References

Affected packages

Alpine:v3.19 / cups

Package

Name: cups
Purl: pkg:apk/alpine/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.9-r1

Affected versions

1.*

1.4.1-r0

1.4.2-r0

1.4.2-r1

1.4.2-r2

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.3-r3

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.4.8-r0

1.5.0-r0

1.5.0-r1

1.5.0-r2

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.2-r3

1.5.3-r0

1.5.4-r0

1.5.4-r1

1.6.1-r0

1.6.1-r1

1.6.2-r0

1.6.2-r1

1.6.3-r0

1.6.4-r0

1.7.0-r0

1.7.0-r1

1.7.1-r0

1.7.2-r0

1.7.3-r0

1.7.3-r1

1.7.4-r0

1.7.5-r0

2.*

2.0.0-r0

2.0.1-r0

2.0.2-r0

2.0.2-r1

2.0.2-r2

2.0.3-r0

2.0.4-r0

2.1.0-r0

2.1.1-r0

2.1.2-r0

2.1.3-r0

2.1.3-r1

2.1.4-r0

2.2.1-r0

2.2.1-r1

2.2.2-r0

2.2.2-r1

2.2.2-r2

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.5-r0

2.2.5-r1

2.2.6-r0

2.2.9-r0

2.2.10-r0

2.2.11-r0

2.2.12-r0

2.2.12-r1

2.2.12-r2

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.3.3-r4

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.2-r1

2.4.2-r2

2.4.2-r3

2.4.2-r4

2.4.2-r5

2.4.2-r6

2.4.2-r7

2.4.3-r0

2.4.3-r1

2.4.4-r0

2.4.5-r0

2.4.6-r0

2.4.7-r0

2.4.9-r0

Alpine:v3.20 / cups

Package

Name: cups
Purl: pkg:apk/alpine/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.9-r1

Affected versions

1.*

1.4.1-r0

1.4.2-r0

1.4.2-r1

1.4.2-r2

1.4.3-r0

1.4.3-r1

1.4.3-r2

1.4.3-r3

1.4.4-r0

1.4.4-r1

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.4.8-r0

1.5.0-r0

1.5.0-r1

1.5.0-r2

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.2-r3

1.5.3-r0

1.5.4-r0

1.5.4-r1

1.6.1-r0

1.6.1-r1

1.6.2-r0

1.6.2-r1

1.6.3-r0

1.6.4-r0

1.7.0-r0

1.7.0-r1

1.7.1-r0

1.7.2-r0

1.7.3-r0

1.7.3-r1

1.7.4-r0

1.7.5-r0

2.*

2.0.0-r0

2.0.1-r0

2.0.2-r0

2.0.2-r1

2.0.2-r2

2.0.3-r0

2.0.4-r0

2.1.0-r0

2.1.1-r0

2.1.2-r0

2.1.3-r0

2.1.3-r1

2.1.4-r0

2.2.1-r0

2.2.1-r1

2.2.2-r0

2.2.2-r1

2.2.2-r2

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.5-r0

2.2.5-r1

2.2.6-r0

2.2.9-r0

2.2.10-r0

2.2.11-r0

2.2.12-r0

2.2.12-r1

2.2.12-r2

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.3.3-r4

2.4.0-r0

2.4.1-r0

2.4.1-r1

2.4.2-r0

2.4.2-r1

2.4.2-r2

2.4.2-r3

2.4.2-r4

2.4.2-r5

2.4.2-r6

2.4.2-r7

2.4.3-r0

2.4.3-r1

2.4.4-r0

2.4.5-r0

2.4.6-r0

2.4.7-r0

2.4.7-r1

2.4.7-r2

2.4.7-r3

2.4.7-r4

2.4.8-r0

2.4.9-r0

Debian:11 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.3op2-3+deb11u9

Affected versions

2.*

2.3.3op2-3+deb11u1

2.3.3op2-3+deb11u2

2.3.3op2-3+deb11u3

2.3.3op2-3+deb11u4

2.3.3op2-3+deb11u5

2.3.3op2-3+deb11u6

2.3.3op2-3+deb11u7

2.3.3op2-3+deb11u8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.2-3+deb12u8

Affected versions

2.*

2.4.2-3

2.4.2-3+deb12u1

2.4.2-3+deb12u2

2.4.2-3+deb12u3

2.4.2-3+deb12u4

2.4.2-3+deb12u5

2.4.2-3+deb12u6

2.4.2-3+deb12u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups

Package

Name: cups
Purl: pkg:deb/debian/cups?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.10-2

Affected versions

2.*

2.4.2-3

2.4.2-4

2.4.2-5

2.4.2-6

2.4.7-1

2.4.7-1.1

2.4.7-1.2

2.4.7-2

2.4.7-3

2.4.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}