{"id":"CVE-2023-24805","summary":"Command injection in cups-filters","details":"cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` function with the argument `cmdline`. `cmdline` contains multiple user-controlled, unsanitized values. As a result, an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.","aliases":["GHSA-gpxc-v2m8-fr3x"],"modified":"2026-04-16T04:33:04.433381491Z","published":"2023-05-17T17:33:41.714Z","related":["ALSA-2023:3423","ALSA-2023:3425","SUSE-SU-2023:2233-1","SUSE-SU-2023:2233-2","SUSE-SU-2023:2287-1","openSUSE-SU-2024:12939-1"],"database_specific":{"cwe_ids":["CWE-78"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/24xxx/CVE-2023-24805.json"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/24xxx/CVE-2023-24805.json"},{"type":"ADVISORY","url":"https://github.com/OpenPrinting/cups-filters/security/adv
isories/GHSA-gpxc-v2m8-fr3x"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24805"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-06"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5407"},{"type":"FIX","url":"https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openprinting/cups-filters","events":[{"introduced":"0"},{"fixed":"8f274035756c04efeb77eb654e9d4c4447287d65"}]}],"versions":["2.0b1","2.0b2","2.0b3","2.0rc1","release-1-0","release-1-0-1","release-1-0-10","release-1-0-11","release-1-0-12","release-1-0-13","release-1-0-14","release-1-0-15","release-1-0-16","release-1-0-17","release-1-0-18","release-1-0-19","release-1-0-2","release-1-0-20","release-1-0-21","release-1-0-22","release-1-0-23","release-1-0-24","release-1-0-25","release-1-0-26","release-1-0-27","release-1-0-28","release-1-0-29","release-1-0-3","release-1-0-30","release-1-0-31","release-1-0-32","release-1-0-33","release-1-0-34","release-1-0-35","release-1-0-36","release-1-0-37","release-1-0-38","release-1-0-39","release-1-0-4","release-1-0-40","release-1-0-41","release-1-0-42","release-1-0-43","release-1-0-44","release-1-0-45","release-1-0-46","release-1-0-47","release-1-0-48","release-1-0-49","release-1-0-5","release-1-0-50","release-1-0-51","release-1-0-52","release-1-0-53","release-1-0-54","release-1-0-55","release-1-0-56","release-1-0-57","release-1-0-58","release-1-0-59","release-1-0-6","release-1-0-60","release-1-0-61","release-1-0-62","release-1-0-63","release-1-0-65","release-1-0-66","release-1-0-67","release-1-0-68","release-1-0-69","release-1-0-7","release-1-0-70","release-1-0-71","release-1-0-72","release-1-0-73","release-1-0-74","release-1-0-75","release-1-0-76","release-1-0-8","release-1-0-9","release-1-0-b1","release-1-1-0","release-1-10-0","release-1-11-0","release-1-11-1","release-1-11-2","release-1-11-3","release-1-11
-4","release-1-11-5","release-1-11-6","release-1-12-0","release-1-13-0","release-1-13-1","release-1-13-2","release-1-13-3","release-1-13-4","release-1-13-5","release-1-14-0","release-1-14-1","release-1-15-0","release-1-16-0","release-1-16-1","release-1-16-2","release-1-16-3","release-1-16-4","release-1-17-1","release-1-17-2","release-1-17-3","release-1-17-4","release-1-17-5","release-1-17-6","release-1-17-7","release-1-17-8","release-1-17-9","release-1-17.0","release-1-18-0","release-1-19-0","release-1-2-0","release-1-20-0","release-1-20-1","release-1-20-2","release-1-20-3","release-1-20-4","release-1-21-0","release-1-21-1","release-1-21-2","release-1-21-3","release-1-21-4","release-1-21-5","release-1-21-6","release-1-22-0","release-1-22-1","release-1-22-2","release-1-22-3","release-1-22-4","release-1-22-5","release-1-22-6","release-1-23-0","release-1-24-0","release-1-25-0","release-1-25-1","release-1-25-10","release-1-25-11","release-1-25-12","release-1-25-13","release-1-25-2","release-1-25-3","release-1-25-4","release-1-25-5","release-1-25-6","release-1-25-7","release-1-25-8","release-1-25-9","release-1-26-0","release-1-26-1","release-1-26-2","release-1-27-0","release-1-27-1","release-1-27-2","release-1-27-3","release-1-27-4","release-1-27-5","release-1-3-0","release-1-4-0","release-1-5-0","release-1-6-0","release-1-7-0","release-1-8-0","release-1-8-1","release-1-8-2","release-1-8-3","release-1-9-0","v1.17.9"],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-24805-2a0bc1ef","digest":{"length":1156,"function_hash":"256413667694853054828751725072605603600"},"source":"https://github.com/openprinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65","target":{"function":"call_backend","file":"backend/beh.c"},"signature_version":"v1","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/openprinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65","signature_version":"v1","id":"CVE-2023-24805-a5c9857a","target":{
"function":"sigterm_handler","file":"backend/beh.c"},"digest":{"length":188,"function_hash":"224642901620830561574816684506087535404"},"deprecated":false,"signature_type":"Function"},{"id":"CVE-2023-24805-b1bb5522","digest":{"line_hashes":[
],"threshold":0.9},"source":"https://github.com/openprinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65","target":{"file":"backend/beh.c"},"signature_version":"v1","deprecated":false,"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-12T06:21:04Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24805.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}