CVE-2024-47177

Name of the Vulnerable Software and Affected Versions CUPS versions 2.x cups-filters versions up to 2.0.1

Description The issue is related to the FoomaticRIPCommandLine function in the CUPS printing system, which allows remote command execution via a PPD file. This can be exploited when combined with other logic bugs, leading to the execution of arbitrary commands. The vulnerability is critical and can be exploited with low difficulty, requiring no user interaction and exploiting network-based vulnerabilities. It allows an attacker to send crafted packets that can manipulate printer attributes, leading to the injection of malicious PPD files.

Recommendations For CUPS versions 2.x: Update to a version that fixes the vulnerability. For cups-filters versions up to 2.0.1: Update to a version higher than 2.0.1 to fix the vulnerability. As a temporary workaround, consider disabling the FoomaticRIPCommandLine function until a patch is available.