CVE-2024-47076
libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
Public Exploits: 2
Exploited in Wild: -
Descriptions
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system.
A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
SSVC
- Decision: Track*
Timeline
- 2024-09-17 CVE Reserved
- 2024-09-26 CVE Published
- 2024-09-28 CVE Updated
- 2024-09-29 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
References (13)
URL | Tag | Source |
---|---|---|
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 | X_refsource_misc | |
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 | X_refsource_misc | |
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 | X_refsource_confirm | |
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 | X_refsource_misc | |
https://www.cups.org | X_refsource_misc | |
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I | X_refsource_misc | |
https://github.com/RickdeJager/cupshax | | |
https://github.com/h2g2bob/ipp-server | | |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/182767 | 2024-11-22 | |
https://github.com/mutkus/CVE-2024-47076 | 2024-09-29 | |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-47076 | 2024-10-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2314253 | 2024-10-03 | |
https://access.redhat.com/security/vulnerabilities/RHSB-2024-002 | 2024-10-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
OpenPrinting | Libcupsfilters | <= 2.1 | en | Affected |