CVE-2024-47177
Publication date 6 October 2024
Last updated 3 October 2024
Ubuntu priority
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| cups-filters | 24.04 LTS noble |
Vulnerable, fix deferred
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
Notes
mdeslaur
This CVE is mitigated by the fixes for CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176. There are still plans to eventually fix this CVE also, once a proper solution has been determined to be viable by the upstream developers. Marking as deferred for now until a fix is available.