CVE-2024-47076 — HIGH (8.6)

Q: How severe is CVE-2024-47076?

CVE-2024-47076 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47076?

Check the references section above for vendor advisories and patch information. Affected products include: Openprinting Libcupsfilters.

Vulnerability Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Openprinting	Libcupsfilters	<= 2.0.0

Related Weaknesses (CWE)

CWE-20

References

https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-Not Applicable
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-Not Applicable
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g7ExploitVendor Advisory
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6Not Applicable
https://www.cups.orgProduct
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-IExploitThird Party Advisory
https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a8Patch
https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html
https://security.netapp.com/advisory/ntap-20241011-0001/

FAQ

What is CVE-2024-47076?

CVE-2024-47076 is a vulnerability with a CVSS score of 8.6 (HIGH). CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format c...

How severe is CVE-2024-47076?

CVE-2024-47076 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47076?

Check the references section above for vendor advisories and patch information. Affected products include: Openprinting Libcupsfilters.