CVE-2024-47177

Name
CVE-2024-47177
Description
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user-controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution.
NVD Severity
high

References

| Type | URI |
|---|---|
| CONFIRM | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 |
| MISC | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 |
| MISC | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 |
| MISC | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 |
| MISC | https://www.cups.org |
| MISC | https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I |
MISC https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | cups-filters | >= 0 | <= 2.0.1 |
| cpe:2.3:a:openprinting:cpdb-libs:*:*:*:*:*:*:*:* | cpdb-libs | >= 0 | <= 2.0.1 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| cups-filters | edge-community | 1.28.17-r6 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| cups-filters | 3.20-community | 1.28.17-r6 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |