{"id":"CVE-2024-47175","summary":"libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer","details":"CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.","modified":"2026-04-02T09:47:12.430733Z","published":"2024-09-26T21:18:25.265Z","related":["ALSA-2025:0083","GHSA-7xfx-47qg-grp6","GHSA-p9rh-jxmq-gq47","GHSA-rj88-6mr5-rcw8","GHSA-w63j-6g73-wmg5","MGASA-2024-0327","SUSE-SU-2025:03225-1","SUSE-SU-2025:03261-1","openSUSE-SU-2025:15563-1"],"database_specific":{"cwe_ids":["CWE-20"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47175.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/09/27/3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html"},{"type":"WEB","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0016"},{"type":"WEB","url":"https://www.cups.org"},{"type":"WEB","url":"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47175.json"},{"type":"ADVISORY","url":"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"},{"type":"ADVISORY","url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"},{"type":"ADVISORY","url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"},{"type":"ADVISO
RY","url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47175"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241011-0001/"},{"type":"FIX","url":"https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openprinting/cups-browsed","events":[{"introduced":"0"},{"last_affected":"089450357e61673fa9871b927c4b3b6cea4690a1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1b1"}]}}],"versions":["2.0.0","2.0.1","2.0b1","2.0b2","2.0b3","2.0b4","2.0rc1","2.0rc2","2.1.0","2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47175.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openprinting/libppd","events":[{"introduced":"0"},{"last_affected":"62666f01b167bdf5975b08fbab5c2f34d9277db3"},{"fixed":"d681747ebf12602cb426725eb8ce2753211e2477"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"}]}}],"versions":["2.0.0","2.0b1","2.0b2","2.0b3","2.0b4","2.0rc1","2.0rc2"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","source":"https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477","target":{"file":"ppd/ppd-cache.c","function":"ppdPwgPpdizeName"},"deprecated":false,"digest":{"length":426,"function_hash":"280364460157987776697634472120689763238"},"signature_version":"v1","id":"CVE-2024-47175-c8e133f6"},{"signature_type":"Function","source":"https://github.com/openprinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477","target":{"file":"ppd/ppd-generator.c","function":"ppdCreatePPDFromIPP2"},"deprecated":false,"digest":{"length":58062,"function_hash":"293079276524598589233098368722888906318"},"signature_version":"v1","id":"CVE-2024-47175-ead2453f"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47175.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}]}