| Name | CVE-2024-47175 |
| Description | CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3904-1, DSA-5779-1, ELA-1198-1, ELA-1199-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| cups (PTS) | jessie, jessie (lts) | 1.7.5-11+deb8u12 | vulnerable |
| stretch (security) | 2.2.1-8+deb9u8 | vulnerable | |
| stretch (lts), stretch | 2.2.1-8+deb9u12 | fixed | |
| buster, buster (lts) | 2.2.10-6+deb10u11 | fixed | |
| buster (security) | 2.2.10-6+deb10u10 | vulnerable | |
| bullseye | 2.3.3op2-3+deb11u8 | vulnerable | |
| bullseye (security) | 2.3.3op2-3+deb11u9 | fixed | |
| bookworm (security), bookworm | 2.4.2-3+deb12u8 | fixed | |
| sid, trixie | 2.4.10-2 | fixed | |
| libppd (PTS) | jessie | 2:0.10-7.2 | fixed |
| buster, bullseye, stretch | 2:0.10-7.3 | fixed | |
| bookworm | 2:0.10-9 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cups | source | stretch | 2.2.1-8+deb9u12 | ELA-1199-1 | ||
| cups | source | buster | 2.2.10-6+deb10u11 | ELA-1198-1 | ||
| cups | source | bullseye | 2.3.3op2-3+deb11u9 | DLA-3904-1 | ||
| cups | source | bookworm | 2.4.2-3+deb12u8 | DSA-5779-1 | ||
| cups | source | (unstable) | 2.4.10-2 | |||
| libppd | source | (unstable) | (not affected) |
- libppd <not-affected> (Vulnerable code introduced later)
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Introduced after: https://github.com/OpenPrinting/libppd/commit/788993656f8e9260961c42c140ff2b5a07d364aa (2.0b1)
Fixed by: https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
Additional bugfixes (https://www.openwall.com/lists/oss-security/2024/09/27/3)
https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5
https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69
https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844
https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b