CVE-2024-47177: cups-filters vulnerable to Command injection via FoomaticRIPCommandLine

Published Sep 26, 2024
·
Updated

CVE-2024-47076CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilters does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.CVE-2024-47175CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.CVE-2024-47176CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL. Due to the service binding to :631 ( INADDRANY ), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.CVE-2024-47177CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to FoomaticRIPCommandLine via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE2024-47176, this can lead to remote command execution.

Other sources

OpenPrinting cups-filters could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an error in cups-filter. By using the FoomaticRIPCommandLine entry in the PPD file, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.

IBM

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.

NVD

Affected Software

1 affected component
F5 Traffix SDC

Event History

Sep 26, 2024
CVE Published
via MITRE·09:56 PM
Rejected
via MITRE·09:56 PM
News Published
via BleepingComputer·10:03 PM
News Published
via BleepingComputer·10:04 PM
Data Sourced
via NVD·10:15 PM
Description
Sep 27, 2024
Advisory Published
via F5·04:25 PM
Dec 26, 2024
News Published
via Dark Reading·02:00 PM
News Published
via Dark Reading·02:01 PM
Feb 4, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
May 12, 2025
Rejected
via MITRE·09:08 PM
Rejected
via NVD·09:15 PM

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-47177?

CVE-2024-47177 is rated as a high severity vulnerability due to the potential for remote code execution.

2

How do I fix CVE-2024-47177?

To mitigate CVE-2024-47177, ensure that updated versions of CUPS and cups-filters are deployed to override vulnerable components.

3

Who is affected by CVE-2024-47177?

CVE-2024-47177 affects users of CUPS 2.x, specifically those using F5 Traffix SDC and other Linux-based systems.

4

What type of attack does CVE-2024-47177 enable?

CVE-2024-47177 enables remote code execution attacks via manipulation of PPD files in CUPS installations.

5

Can CVE-2024-47177 be exploited remotely?

Yes, CVE-2024-47177 can be exploited remotely if the vulnerable printing system is reachable over the network.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203