CVE-2024-47175

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47175.json",
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Git / github.com/openprinting/cups-browsed

Affected ranges

Type

GIT

Repo

https://github.com/openprinting/cups-browsed

Events

Introduced

Last affected

089450357e61673fa9871b927c4b3b6cea4690a1

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1b1"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.1

2.0b1

2.0b2

2.0b3

2.0b4

2.0rc1

2.0rc2

2.1.0

2.1.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47175.json"

Git / github.com/openprinting/libppd

Affected ranges

Type

GIT

Repo

https://github.com/openprinting/libppd

Events

Introduced

Last affected

62666f01b167bdf5975b08fbab5c2f34d9277db3

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:openprinting:libppd:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0b1

2.0b2

2.0b3

2.0b4

2.0rc1

2.0rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47175.json"