CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
28.0%
CUPS is a standards-based, open-source printing system, and libppd
can be used for legacy PPD file support. The libppd
function ppdCreatePPDFromIPP2
does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5
, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cups | <Â 2.4.2-3+deb12u8 | cups_2.4.2-3+deb12u8_all.deb |
Debian | 11 | all | cups | <Â 2.3.3op2-3+deb11u9 | cups_2.3.3op2-3+deb11u9_all.deb |
Debian | 999 | all | cups | <Â 2.4.10-2 | cups_2.4.10-2_all.deb |
Debian | 13 | all | cups | <=Â 2.4.10-1 | cups_2.4.10-1_all.deb |
Debian | 12 | all | libppd | <Â 2:0.10-9 | libppd_2:0.10-9_all.deb |
Debian | 11 | all | libppd | <Â 2:0.10-7.3 | libppd_2:0.10-7.3_all.deb |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
28.0%