CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47175 – libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
https://notcve.org/view.php?id=CVE-2024-47175
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. • https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 https://www.cups.org https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I https://access.redhat.com/security/cve/CVE-2024-47175 https://b • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en la versión 2.4.7 de CUPS, lanzada en septiembre de 2023. • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6 https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •