CVE-2024-47175

HIGH

CUPS - RCE

Title source: llm

Description

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Exploits (1)

metasploit WORKING POC NORMAL

by Simone Margaritelli, Rick de Jager, s ipp-server, , # mDNS functionality, , · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb

View Code ZIP pw:eip

References (11)

[Not Applicable] https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

[Not Applicable] https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47

[Not Applicable] https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5

[Exploit, Vendor Advisory] https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

[Product] https://www.cups.org

[Exploit, Third Party Advisory] https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

[Mailing List] http://www.openwall.com/lists/oss-security/2024/09/27/3

[Patch] https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477

View Patch ZIP pw:eip

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html

[Various Sources] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0016

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20241011-0001/

Scores

CVSS v3 8.6

EPSS 0.3366

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE

CWE-20

Status published

Products (3)

debian/debian_linux 11.0

openprinting/libppd 2.1 beta1*

openprinting/libppd < 2.0.0

Published Sep 26, 2024

Tracked Since Feb 18, 2026