PT-2024-6503 · Cups+10
Evilsocket · Published 2024-09-26 · Updated 2026-05-13 · CVE-2024-47175
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CUPS (affected versions not specified)
Description
The issue is in the libppd function ppdCreatePPDFromIPP2, which does not sanitize IPP attributes when creating the PPD buffer. As a result, user-controlled input ends up in the PPD and can ultimately lead to code execution via Foomatic, potentially resulting in remote code execution (RCE). The vulnerability can be part of an exploit chain and may allow an attacker to write arbitrary data to the resulting PPD file.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
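The missing step named in the description (attribute text copied into the PPD buffer without sanitization) can be shown next to a hardened form. This is an added example, not libppd's own code: the function names, the choice of the NickName keyword and the sample attribute are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: attribute text that closes the quoted value and starts a new PPD line. */
static const char SAMPLE_ATTR[] = "Acme Laser\"\n*InjectedKeyword: \"attacker text";

/* Copy src to dst without control characters (CR/LF included) or '"'; -1 if dst is too small. */
int ppd_sanitize_value(const char *src, char *dst, size_t dstsize)
{
    size_t o = 0;
    if (dstsize == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (c < 0x20 || c == 0x7f || c == '"') continue;
        if (o + 1 >= dstsize) { dst[0] = '\0'; return -1; }
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Format one PPD line. sanitize=0 is the unsanitized pattern, sanitize=1 the hardened one. */
int emit_line(char *out, size_t outsize, const char *keyword, const char *value, int sanitize)
{
    char clean[256];
    if (sanitize) {
        if (ppd_sanitize_value(value, clean, sizeof(clean)) < 0) return -1; /* refuse, never truncate */
        value = clean;
    }
    return snprintf(out, outsize, "*%s: \"%s\"\n", keyword, value);
}

/* Count lines that begin with '*', i.e. the keywords a PPD parser would see. */
int count_ppd_keywords(const char *ppd)
{
    int n = 0, bol = 1;
    for (; *ppd; bol = (*ppd++ == '\n'))
        if (bol && *ppd == '*') n++;
    return n;
}

int main(void)
{
    char buf[512];
    for (int s = 0; s <= 1; s++) {
        emit_line(buf, sizeof(buf), "NickName", SAMPLE_ATTR, s);
        printf("sanitize=%d: %d keyword line(s)\n%s", s, count_ppd_keywords(buf), buf);
    }
    return 0;
}
```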
Exploit
DoS
RCE
Command Injection
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Cups
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu