CVE-2024-47076

HIGH8.6EPSS 75.8%

cups-filters - security update

Published: 9/26/2024Modified: 3/9/2026

Also known as:DSA-5778-1DEBIAN-CVE-2024-47076DEBIAN-CVE-2024-47176

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

Affected packages (4)

Debian/cups-filtersfrom 0, < 1.28.7-1+deb11u3
Debian/cups-filtersfrom 0, < 1.28.7-1+deb11u3
Debian/cups-filtersfrom 0, < 1.28.17-3+deb12u1
Debian/libcupsfiltersfrom 0, < 2.0.0-3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-47076