CVE-2024-47177

Publication date 6 October 2024

Last updated 3 October 2024


Ubuntu priority

CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.

Read the notes from the security team

Status

Package Ubuntu Release Status
cups-filters 24.10 oracular
Vulnerable, fix deferred
24.04 LTS noble
Vulnerable, fix deferred
22.04 LTS jammy
Vulnerable, fix deferred
20.04 LTS focal
Vulnerable, fix deferred
18.04 LTS bionic
Vulnerable, fix deferred
16.04 LTS xenial
Vulnerable, fix deferred

Notes


mdeslaur

This CVE is mitigated by the fixes for CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176. There are still plans to eventually fix this CVE also, once a proper solution has been determined to be viable by the upstream developers. Marking as deferred for now until a fix is available.