CVE-2024-47175

Published Sep 26, 2024

Last updated 2 months ago

CVSS high 8.6

Overview

Description: CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-20

Hype score: Not currently trending

Actively exploited CVE : CVE-2024-47175
@transilienceai
30 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
29 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
25 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
23 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
20 Oct 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ثغرات متعددة في CUPS تتيح تنفيذ التعليمات البرمجية عن بُعد على نظام #Linux 1) cve-2024-47076 2) CVE-2024-47175 3) CVE-2024-47176 4) CVE-2024-47177 استعلام #Criminal_IP ✅title: CUPS port:631 ✅title: Home - CUPS port:631 https://t.co/TwVHxOmvB7 https://t.co/Dml9z1YZ7F
@CriminalIP_AR
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE GitHub.. https://t.co/J2CFFT1Qhx For more information about CUPS.(Printing system remote execution.. 👇 https://t.co/ELv0lGyaYU #CVE
@un_exceptional
13 Impressions
0 Retweets
1 Like
0 Bookmarks
2 Replies
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47175
@transilienceai
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47175
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

References