← back
CVE-2024-47076

libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server

CVSS 8.6 HIGHEPSS 83.4%CWE-20
In short

The libcupsfilters library fails to validate printer information received from an IPP server, allowing an attacker to inject malicious data that gets passed to other parts of the CUPS printing system. This could lead to unauthorized access or system compromise.

Technical detail

The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes from remote servers, enabling attribute injection attacks where malicious IPP responses are processed without validation and subsequently used in PPD file generation. A remote attacker controlling an IPP server can inject crafted attributes that propagate to downstream CUPS components, potentially leading to arbitrary code execution or privilege escalation depending on how the data is consumed.

Summary generated and translated by AI from the official description.
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Affected products
OpenPrinting · libcupsfilters

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6https://lists.debian.org/debian-lts-announce/2024/09/msg00048.htmlhttps://security.netapp.com/advisory/ntap-20241011-0001/https://www.cups.orghttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I