CVE-2024-47175

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47175
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47175.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47175
Published
2024-09-26T21:18:25Z
Modified
2025-10-14T22:48:53.267362Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
Details

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Affected packages

Git / github.com/OpenPrinting/cups-browsed

Affected ranges

Type
GIT
Repo
https://github.com/OpenPrinting/cups-browsed
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.0.0
2.0.1
2.0b1
2.0b2
2.0b3
2.0b4
2.0rc1
2.0rc2
2.1.0
2.1.1

Git / github.com/OpenPrinting/cups-browsed

Affected ranges

Type
GIT
Repo
https://github.com/openprinting/libppd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0
2.0b1
2.0b2
2.0b3
2.0b4
2.0rc1
2.0rc2
2.1b1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-47175-7df6b026",
            "signature_type": "Line",
            "target": {
                "file": "ppd/ppd-generator.c"
            },
            "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-47175-c8e133f6",
            "signature_type": "Function",
            "target": {
                "file": "ppd/ppd-cache.c",
                "function": "ppdPwgPpdizeName"
            },
            "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477",
            "digest": {
                "function_hash": "280364460157987776697634472120689763238",
                "length": 426.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-47175-dcac69d5",
            "signature_type": "Line",
            "target": {
                "file": "ppd/ppd-cache.c"
            },
            "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-47175-ead2453f",
            "signature_type": "Function",
            "target": {
                "file": "ppd/ppd-generator.c",
                "function": "ppdCreatePPDFromIPP2"
            },
            "source": "https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477",
            "digest": {
                "function_hash": "293079276524598589233098368722888906318",
                "length": 58062.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}