CVE-2017-15400: CRLF and code injection in printer zeroconfig
Published Oct 22, 2017
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
Credit
Rory McNamara
Affected Software
3 affected components
Fixes available
debian/cups
2.2.10-6+deb10u6, 2.2.10-6+deb10u9, 2.3.3op2-3+deb11u6, 2.3.3op2-3+deb11u2, 2.4.2-3+deb12u5, 2.4.7-1
Google Chrome OS < 62.0.3202.74
62.0.3202.74
Remediation
Patch Available
Event History
Oct 22, 2017
CVE Published, 12:00 AM
Data Sourced, 12:00 AM: Weakness, Affected Software
Feb 7, 2018
CVE Published, via MITRE, 11:00 PM
Data Sourced, via MITRE, 11:00 PM: Description, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2017-15400?
CVE-2017-15400 has been classified as a high severity vulnerability due to its potential for remote command execution.
2. How do I fix CVE-2017-15400?
To fix CVE-2017-15400, upgrade to Google Chrome OS version 62.0.3202.74 or later.
3. Who is affected by CVE-2017-15400?
CVE-2017-15400 affects Google Chrome OS versions prior to 62.0.3202.74.
4. What type of vulnerability is CVE-2017-15400?
CVE-2017-15400 is an insufficient restriction vulnerability related to IPP filters in CUPS.
5. Can CVE-2017-15400 be exploited remotely?
Yes, CVE-2017-15400 can be exploited remotely via a crafted PPD file.