Fluid Attacks Database

Description

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.21	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.10-r1	2.4.10-r1
debian 13	cups	>=0 <2.4.10-2	2.4.10-2
alpine v3.19	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.9-r1	2.4.9-r1
alpine v3.20	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.9-r1	2.4.9-r1
alpine v3.22	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.10-r1	2.4.10-r1
debian 11	cups	=2.3.3op2-3+deb11u1 \|\| =2.3.3op2-3+deb11u2 \|\| =2.3.3op2-3+deb11u3 \|\| =2.3.3op2-3+deb11u4 \|\| =2.3.3op2-3+deb11u5 \|\| =2.3.3op2-3+deb11u6 \|\| =2.3.3op2-3+deb11u7 \|\| =2.3.3op2-3+deb11u8 \|\| >=0 <2.3.3op2-3+deb11u9	2.3.3op2-3+deb11u9
debian 12	cups	=2.4.2-3 \|\| =2.4.2-3+deb12u1 \|\| =2.4.2-3+deb12u2 \|\| =2.4.2-3+deb12u3 \|\| =2.4.2-3+deb12u4 \|\| =2.4.2-3+deb12u5 \|\| =2.4.2-3+deb12u6 \|\| =2.4.2-3+deb12u7 \|\| >=0 <2.4.2-3+deb12u8	2.4.2-3+deb12u8
debian 14	cups	>=0 <2.4.10-2	2.4.10-2
alpine v3.23	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.10-r1	2.4.10-r1
rpm rhel7	cups	-	-

1-10 of 16

Aliases

1. CVE-2024-471752. NVD-2024-471753. OSV-ALPINE-2024-471754. OSV-2024-471755. OSV-DEBIAN-2024-471756. SECURITY-CVE-2024-471757. SECURITY-TRACKER-CVE-2024-47175

References

1. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.