CVE-2024-47076

{"id": "CVE-2024-47076", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2024-09-26T22:15:04.063", "references": [{"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "tags": ["Not Applicable"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "tags": ["Not Applicable"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "tags": ["Not Applicable"], "source": "security-advisories@github.com"}, {"url": "https://www.cups.org", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."}, {"lang": "es", "value": "CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libcupsfilters` contiene el c\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\u00eda que se utilizar\u00e1n para las tareas de conversi\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS."}], "lastModified": "2025-09-29T13:26:18.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD3C88C8-8803-4C8C-A4CB-DAB1474BCF79", "versionEndIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:openprinting:libcupsfilters:2.1:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD5B4F4-B4E7-4C27-A34B-EFC92A58B124"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}