CVE-2024-47076 — Improper Input Validation in Cups-browsed

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection CWE-940 — Improper Verification of Source of a Communication Channel20 documents11 sources

Severity

8.6HIGHNVD

EPSS

73.9%

top 1.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Cups-filters Openprinting Libcupsfilters Openprinting Cups-browsed +12 more

Timeline

PublishedSep 26

Latest updateOct 29

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages17 packages

▶Debianopenprinting/libcupsfilters< 2.0.0-3+1

▶CVEListV5openprinting/libcupsfilters2.1b1

▶NVDopenprinting/libcupsfilters2.0.0+1

▶CVEListV5openprinting/cups-browsed2.0.1

▶Debianlinuxfoundation/cups-filters< 1.28.7-1+deb11u3+3

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server↗2024-09-26

▶

OSV

CVE-2024-47076: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as↗2024-09-26

▶

OSV

cups-filters vulnerabilities↗2024-09-26

▶

🔍Detection Rules

Elastic

Network Connection by Cups or Foomatic-rip Child↗

▶

Elastic

Suspicious Execution from Foomatic-rip or Cupsd Parent↗

▶

Elastic

Cupsd or Foomatic-rip Shell Execution↗

▶

Elastic

File Creation by Cups or Foomatic-rip Child↗

▶

Elastic

Printer User (lp) Shell Execution↗

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-47076↗2024-10-29

▶

Ubuntu

cups-filters vulnerabilities↗2024-10-09

▶

Palo Alto

Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products↗2024-09-26

▶

Ubuntu

libcupsfilters vulnerability↗2024-09-26

▶

Ubuntu

cups-filters vulnerabilities↗2024-09-26

▶

🕵️Threat Intelligence

Wiz

OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog↗2024-09-29

▶

Wiz

OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog↗2024-09-29

▶