CVE-2024-47076

HIGH

CUPS - Info Disclosure

Title source: llm

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, attacker-controlled data can be passed on to the rest of the CUPS system.

Exploits (2)

nomisec WRITEUP
by mutkus · poc
https://github.com/mutkus/CVE-2024-47076
metasploit WORKING POC NORMAL
by Simone Margaritelli, Rick de Jager · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb

Scores

CVSS v3 8.6
EPSS 0.7424
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
openprinting/libcupsfilters 2.1 beta1
openprinting/libcupsfilters < 2.0.0
Published Sep 26, 2024
Tracked Since Feb 18, 2026