CVE-2024-47076
cups-filters - security update
Description
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
How to fix CVE-2024-47076
To remediate CVE-2024-47076, upgrade the affected package to a fixed version below.
- —upgrade to 1.28.7-1+deb11u3 or later
- —upgrade to 1.28.7-1+deb11u3 or later
- —upgrade to 1.28.17-3+deb12u1 or later
- —upgrade to 2.0.0-3 or later
Is CVE-2024-47076 being exploited?
Likely — EPSS is 75.8%, placing CVE-2024-47076 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (4)
- from 0, < 1.28.7-1+deb11u3
- from 0, < 1.28.7-1+deb11u3
- from 0, < 1.28.17-3+deb12u1
- from 0, < 2.0.0-3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |