PT-2024-6501 · Cups+10
Evilsocket · Published 2024-09-26 · Updated 2026-05-13
CVE-2024-47176
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
cups versions prior to 2.4.11-alt1
cups-browsed versions prior to 2.0.1-0ubuntu2.1
cups-filters (affected versions not specified)
Description
The Common UNIX Printing System (CUPS) and related components, including cups-browsed and cups-filters, are affected by multiple vulnerabilities. These issues include remote command injection via manipulation of PPD files (libppd), improper binding of cups-browsed to all interfaces allowing unauthorized access, and a lack of sanitization of IPP attributes in cups-filters. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code. The cups-browsed component binds to UDP INADDR_ANY:631, potentially allowing unauthorized access. The cfGetPrinterAttributes API in cups-filters does not sanitize returned IPP attributes, leading to potential vulnerabilities.
Recommendations
Update to cups version 2.4.11-alt1 or later.
Update to cups-browsed version 2.0.1-0ubuntu2.1 or later.
Update cups-filters to the latest available version.
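A defender-side check for the exposure described above (a listener on UDP INADDR_ANY:631), given as an added example that is not part of the original advisory: it parses `ss -H -u -l -n` output and reports sockets bound to all interfaces on port 631. The sample output and the function name are constructed for illustration, and the check does not identify which process owns the socket.

```python
import shutil
import subprocess

CUPS_BROWSED_PORT = 631
WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}  # IPv4 any, IPv6 any, dual-stack any

# Constructed sample of `ss -H -u -l -n` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
UNCONN 0      0            0.0.0.0:631        0.0.0.0:*
UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
UNCONN 0      0          127.0.0.1:631        0.0.0.0:*
UNCONN 0      0               [::]:5353          [::]:*
UNCONN 0      0                  *:631              *:*
"""


def wildcard_udp_listeners(ss_output, port=CUPS_BROWSED_PORT):
    """Return local addresses bound to every interface on the given UDP port."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        local = fields[3]  # "Local Address:Port" column
        host, sep, port_text = local.rpartition(":")
        if not sep or not port_text.isdigit() or int(port_text) != port:
            continue  # header line or a different port
        # Drop any %interface scope and IPv6 brackets before comparing.
        bare = host.split("%", 1)[0].strip("[]")
        if bare in WILDCARD_HOSTS:
            hits.append(local)
    return hits


if __name__ == "__main__":
    if shutil.which("ss"):
        text = subprocess.run(["ss", "-H", "-u", "-l", "-n"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_SS_OUTPUT  # fall back to the constructed sample
    for addr in wildcard_udp_listeners(text):
        print(f"UDP listener on all interfaces: {addr}")
```

A loopback-only listener such as `127.0.0.1:631` is not reported, since it is not reachable from other hosts.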
Exploit
Fix
RCE
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Cups
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu