CVE-2024-47076

HIGH8.6EPSS 75.8%

cups-filters - security update

發布日:2024/9/26修改日:2026/3/9

也稱為:DSA-5778-1DEBIAN-CVE-2024-47076DEBIAN-CVE-2024-47176

描述

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

受影響套件(4)

Debian/cups-filtersfrom 0, < 1.28.7-1+deb11u3
Debian/cups-filtersfrom 0, < 1.28.7-1+deb11u3
Debian/cups-filtersfrom 0, < 1.28.17-3+deb12u1
Debian/libcupsfiltersfrom 0, < 2.0.0-3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-47076