CVE-2024-47175

NameCVE-2024-47175
DescriptionCUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3904-1, DSA-5779-1, ELA-1198-1, ELA-1199-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)jessie, jessie (lts)1.7.5-11+deb8u12vulnerable
stretch (security)2.2.1-8+deb9u8vulnerable
stretch (lts), stretch2.2.1-8+deb9u12fixed
buster, buster (lts)2.2.10-6+deb10u11fixed
buster (security)2.2.10-6+deb10u10vulnerable
bullseye2.3.3op2-3+deb11u8vulnerable
bullseye (security)2.3.3op2-3+deb11u9fixed
bookworm (security), bookworm2.4.2-3+deb12u8fixed
sid, trixie2.4.10-2fixed
libppd (PTS)jessie2:0.10-7.2fixed
buster, bullseye, stretch2:0.10-7.3fixed
bookworm2:0.10-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssourcestretch2.2.1-8+deb9u12ELA-1199-1
cupssourcebuster2.2.10-6+deb10u11ELA-1198-1
cupssourcebullseye2.3.3op2-3+deb11u9DLA-3904-1
cupssourcebookworm2.4.2-3+deb12u8DSA-5779-1
cupssource(unstable)2.4.10-2
libppdsource(unstable)(not affected)

Notes

- libppd <not-affected> (Vulnerable code introduced later)
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Introduced after: https://github.com/OpenPrinting/libppd/commit/788993656f8e9260961c42c140ff2b5a07d364aa (2.0b1)
Fixed by: https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
Additional bugfixes (https://www.openwall.com/lists/oss-security/2024/09/27/3)
https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5
https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69
https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844
https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b

Search for package or bug name: Reporting problems