vulnerability

CUPS: CVE-2024-47076: Access to controlled data via IPP

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:N/I:C/A:C)	Sep 26, 2024	Sep 26, 2024	Sep 30, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:C)

Published

Sep 26, 2024

Added

Sep 26, 2024

Modified

Sep 30, 2024

Description

Affecting libcupsfilters less than or equal to 2.1b1: cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker controlled data to the rest of the CUPS system.

Solution

misc-no-solution-exists

References

CVE-2024-47076
https://attackerkb.com/topics/CVE-2024-47076
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report