vulnerability

CUPS: CVE-2024-47175: No IIP Sanitization or validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:P)	Sep 26, 2024	Sep 26, 2024	Sep 30, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:P)

Published

Sep 26, 2024

Added

Sep 26, 2024

Modified

Sep 30, 2024

Description

Affecting libppd less than or equal to 2.1b1: ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD.

Solution

misc-no-solution-exists

References

CVE-2024-47175
https://attackerkb.com/topics/CVE-2024-47175
URL-https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today