CVE-2024-47076 (GCVE-0-2024-47076)

Vulnerability from cvelistv5 – Published: 2024-09-26 21:18 – Updated: 2025-11-03 22:19
VLAI
Title
libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
Summary
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Severity
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
OpenPrinting libcupsfilters Affected: <= 2.1b1
Create a notification for this product.
openprinting libcupsfilters Affected: 0 , ≤ 2.1b1 (custom)
    cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "libcupsfilters",
            "vendor": "openprinting",
            "versions": [
              {
                "lessThanOrEqual": "2.1b1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-28T03:55:45.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:19:59.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241011-0001/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libcupsfilters",
          "vendor": "OpenPrinting",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.1b1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T22:01:09.793Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"
        },
        {
          "name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
        },
        {
          "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"
        },
        {
          "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
        },
        {
          "name": "https://www.cups.org",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cups.org"
        },
        {
          "name": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"
        }
      ],
      "source": {
        "advisory": "GHSA-w63j-6g73-wmg5",
        "discovery": "UNKNOWN"
      },
      "title": "libcupsfilters\u0027s cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47076",
    "datePublished": "2024-09-26T21:18:22.067Z",
    "dateReserved": "2024-09-17T17:42:37.030Z",
    "dateUpdated": "2025-11-03T22:19:59.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-47076",
      "date": "2026-06-05",
      "epss": "0.75847",
      "percentile": "0.9893"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47076\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-26T22:15:04.063\",\"lastModified\":\"2025-11-03T23:16:12.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.\"},{\"lang\":\"es\",\"value\":\"CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libcupsfilters` contiene el c\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\u00eda que se utilizar\u00e1n para las tareas de conversi\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0\",\"matchCriteriaId\":\"DD3C88C8-8803-4C8C-A4CB-DAB1474BCF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openprinting:libcupsfilters:2.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD5B4F4-B4E7-4C27-A34B-EFC92A58B124\"}]}]}],\"references\":[{\"url\":\"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.cups.org\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241011-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:19:59.403Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T17:59:05.883824Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*\"], \"vendor\": \"openprinting\", \"product\": \"libcupsfilters\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1b1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T18:03:19.816Z\"}}], \"cna\": {\"title\": \"libcupsfilters\u0027s cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server\", \"source\": {\"advisory\": \"GHSA-w63j-6g73-wmg5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OpenPrinting\", \"product\": \"libcupsfilters\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 2.1b1\"}]}], \"references\": [{\"url\": \"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\", \"name\": \"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\", \"name\": \"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\", \"name\": \"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\", \"name\": \"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.cups.org\", \"name\": \"https://www.cups.org\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\", \"name\": \"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-26T22:01:09.793Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:19:59.403Z\", \"dateReserved\": \"2024-09-17T17:42:37.030Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-26T21:18:22.067Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.