CVE-2024-47076

Published Sep 26, 2024

Last updated 2 months ago

CVSS high 8.6

Overview

Description
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-47076

    @transilienceai

    30 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-47076

    @transilienceai

    29 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-47076

    @transilienceai

    23 Oct 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-47076

    @transilienceai

    20 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE GitHub.. https://t.co/J2CFFT1Qhx For more information about CUPS.(Printing system remote execution.. 👇 https://t.co/ELv0lGyaYU #CVE

    @un_exceptional

    13 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2024-47076

    @transilienceai

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. ثغرات متعددة في CUPS تتيح تنفيذ التعليمات البرمجية عن بُعد على نظام #Linux 1) cve-2024-47076 2) CVE-2024-47175 3) CVE-2024-47176 4) CVE-2024-47177 استعلام #Criminal_IP ✅title: CUPS port:631 ✅title: Home - CUPS port:631 https://t.co/TwVHxOmvB7 https://t.co/Dml9z1YZ7F

    @CriminalIP_AR

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References