First published: Mon Sep 23 2024
A remote attacker who has successfully installed or hijacked an exposed printer (via UDP or mDNS) and is able to return a malicious IPP attribute may be able to exploit FoomaticRIPCommandLine to execute arbitrary commands. Due to a lack of sanitization in the `cfGetPrinterAttributes` API and in `ppdCreatePPDFromIPP2`, a vulnerable CUPS system will execute the `foomatic-rip` filter binary when a print job is sent to the printer.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/cups | <=2.3.3op2-3+deb11u8 | 2.3.3op2-3+deb11u9, 2.4.2-3+deb12u8, 2.4.10-2 |
debian/libppd | 2:0.10-7.3, 2:0.10-9 | |
F5 Traffix Systems Signaling Delivery Controller | | |
CVE-2024-47175 has a high severity rating due to its potential for remote code execution by an attacker.
To fix CVE-2024-47175, upgrade to the patched versions of CUPS and libppd as specified in the advisory.
CVE-2024-47175 affects Debian packages of CUPS versions up to 2.3.3op2-3+deb11u8 and specific versions of libppd.
Yes, a remote attacker can exploit CVE-2024-47175 through exposed network interfaces like UDP or mDNS.
CVE-2024-47175 allows attackers to execute arbitrary commands through FoomaticRIPCommandLine.
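The description above says unsanitized IPP attributes reach the generated PPD and that the `foomatic-rip` filter is then run through FoomaticRIPCommandLine. The following audit check is an added example, not code from CUPS, libppd or this advisory: it scans PPD text for directives that hand work to `foomatic-rip`. The function name `audit_ppd`, the matching of `*cupsFilter`/`*cupsFilter2` lines, and the sample PPD are assumptions constructed for illustration.

```python
import re

# Directives of interest. FoomaticRIPCommandLine is named in the advisory;
# also checking *cupsFilter/*cupsFilter2 for "foomatic-rip" is an assumption
# of this example, as is the helper name audit_ppd.
DIRECTIVE = re.compile(r'^\*(FoomaticRIPCommandLine\w*|cupsFilter2?)\s*:\s*(.*)$')

def audit_ppd(text):
    """Return (line_no, keyword, value) for directives that invoke foomatic-rip."""
    findings = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = DIRECTIVE.match(lines[i])
        if m:
            start, keyword, value = i + 1, m.group(1), m.group(2)
            # A quoted PPD value may run over several lines until the closing quote.
            while value.startswith('"') and value.count('"') < 2 and i + 1 < len(lines):
                i += 1
                value += "\n" + lines[i]
            value = value.strip().strip('"')
            if keyword.startswith("FoomaticRIPCommandLine") or "foomatic-rip" in value:
                findings.append((start, keyword, value))
        i += 1
    return findings

# Constructed sample PPD (not taken from a real printer or from the advisory).
SAMPLE_PPD = """\
*PPD-Adobe: "4.3"
*NickName: "Constructed Driverless Printer"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 0 -"
*cupsFilter2: "application/vnd.cups-postscript application/postscript 0 foomatic-rip"
*FoomaticRIPCommandLine: "constructed-placeholder
 --second-line"
*End
"""

if __name__ == "__main__":
    for line_no, keyword, value in audit_ppd(SAMPLE_PPD):
        print(f"line {line_no}: *{keyword} -> {value!r}")
```

Run it over the PPD files of installed queues (by default under `/etc/cups/ppd` on Linux) and treat any hit on a network-discovered printer as a reason to inspect that queue before it receives a print job.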