Products
CUPS
- UNKNOWN
Source
security-advisories@github.com
Tags
CVE-2024-47076 details
Last Modified : Sept. 26, 2024, 10:15 p.m.
Description
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.6 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
8.6
Exploitability Score
3.9
Impact Score
4.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References
| URL | Source |
|---|---|
| https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 | security-advisories@github.com |
| https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 | security-advisories@github.com |
| https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 | security-advisories@github.com |
| https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 | security-advisories@github.com |
| https://www.cups.org | security-advisories@github.com |
| https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I | security-advisories@github.com |