CVE-2024-47175

CRITICAL9.8EPSS 36.8%

cups - security update

發布日:2024/9/26修改日:2025/12/3

也稱為:ALPINE-CVE-2024-47175

描述

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

受影響套件(4)

Alpine/cupsfrom 0, < 2.4.9-r1
Debian/cupsfrom 0, < 2.3.3op2-3+deb11u9
Debian/cupsfrom 0, < 2.3.3op2-3+deb11u9
Debian/cupsfrom 0, < 2.4.2-3+deb12u8

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-47175
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-47175