Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/73814?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73814?format=api", "vulnerability_id": "VCID-f6n6-k5ye-3ugq", "summary": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes", "aliases": [ { "alias": "CVE-2024-47076" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582542?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584172?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584173?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582543?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-3%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055802?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-3%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/584174?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582544?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-6%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-6%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582545?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.17-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927144?format=api", "purl": "pkg:deb/debian/libcupsfilters@2.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927145?format=api", "purl": "pkg:deb/debian/libcupsfilters@2.0.0-3%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927143?format=api", "purl": "pkg:deb/debian/libcupsfilters@2.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.1.1-2%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035664?format=api", "purl": "pkg:deb/debian/cups-filters@1.0.18-2.1%2Bdeb7u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3317-h26p-43ef" }, { "vulnerability": "VCID-39f1-22a5-c7aw" }, { "vulnerability": "VCID-4bxg-5tnm-y3hw" }, { "vulnerability": "VCID-581d-k9k6-rke4" }, { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-843p-8xve-nfer" }, { "vulnerability": "VCID-8vd7-dfbu-23d4" }, { "vulnerability": "VCID-9dsn-96eh-bbh4" }, { "vulnerability": "VCID-bgm5-bmfa-yugq" }, { "vulnerability": "VCID-cne2-7ev5-abgv" }, { "vulnerability": "VCID-dvvu-6p49-vbhz" }, { "vulnerability": "VCID-ed99-uccv-d7bh" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-mcmb-bvw9-dba5" }, { "vulnerability": "VCID-rcep-az2v-1yab" }, { "vulnerability": "VCID-uz2u-k3vm-w3c2" }, { "vulnerability": "VCID-vunm-ehd2-yugs" }, { "vulnerability": "VCID-vzgv-8drt-8yd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.18-2.1%252Bdeb7u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035665?format=api", "purl": "pkg:deb/debian/cups-filters@1.0.61-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3317-h26p-43ef" }, { "vulnerability": "VCID-39f1-22a5-c7aw" }, { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-9dsn-96eh-bbh4" }, { "vulnerability": "VCID-ed99-uccv-d7bh" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-rcep-az2v-1yab" }, { "vulnerability": "VCID-uz2u-k3vm-w3c2" }, { "vulnerability": "VCID-vzgv-8drt-8yd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.61-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035666?format=api", "purl": "pkg:deb/debian/cups-filters@1.0.61-5%2Bdeb8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3317-h26p-43ef" }, { "vulnerability": "VCID-39f1-22a5-c7aw" }, { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-9dsn-96eh-bbh4" }, { "vulnerability": "VCID-ed99-uccv-d7bh" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-rcep-az2v-1yab" }, { "vulnerability": "VCID-uz2u-k3vm-w3c2" }, { "vulnerability": "VCID-vzgv-8drt-8yd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.61-5%252Bdeb8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037516?format=api", "purl": "pkg:deb/debian/cups-filters@1.11.6-3%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-rcep-az2v-1yab" }, { "vulnerability": "VCID-vzgv-8drt-8yd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.11.6-3%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049456?format=api", "purl": "pkg:deb/debian/cups-filters@1.21.6-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-rcep-az2v-1yab" }, { "vulnerability": "VCID-vzgv-8drt-8yd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.21.6-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049457?format=api", "purl": "pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6qd1-jvb8-jqak" }, { "vulnerability": "VCID-7xq5-z572-xub3" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-rcep-az2v-1yab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/92294?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7?arch=3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7%3Farch=3" }, { "url": "http://public2.vulnerablecode.io/api/packages/92288?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9?arch=3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9%3Farch=3" }, { "url": "http://public2.vulnerablecode.io/api/packages/92295?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2?arch=2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2%3Farch=2" }, { "url": "http://public2.vulnerablecode.io/api/packages/92292?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4?arch=2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4%3Farch=2" }, { "url": "http://public2.vulnerablecode.io/api/packages/92297?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6?arch=3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6%3Farch=3" }, { "url": "http://public2.vulnerablecode.io/api/packages/92293?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8?arch=3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8%3Farch=3" }, { "url": "http://public2.vulnerablecode.io/api/packages/92291?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.20.0-35?arch=el8_10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.20.0-35%3Farch=el8_10" }, { "url": "http://public2.vulnerablecode.io/api/packages/92290?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0?arch=2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0%3Farch=2" }, { "url": "http://public2.vulnerablecode.io/api/packages/92289?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2?arch=2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2%3Farch=2" }, { "url": "http://public2.vulnerablecode.io/api/packages/92296?format=api", "purl": "pkg:rpm/redhat/cups-filters@1.28.7-17?arch=el9_4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-f6n6-k5ye-3ugq" }, { "vulnerability": "VCID-jvcy-2qyh-jqg4" }, { "vulnerability": "VCID-n7d3-6m3d-gbf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-filters@1.28.7-17%3Farch=el9_4" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98813", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98817", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98819", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.9882", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98821", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.73875", "scoring_system": "epss", "scoring_elements": "0.98827", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.74242", "scoring_system": "epss", "scoring_elements": "0.98849", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.74242", "scoring_system": "epss", "scoring_elements": "0.98853", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.74242", "scoring_system": "epss", "scoring_elements": "0.9883", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082821", "reference_id": "1082821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082821" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082827", "reference_id": "1082827", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253", "reference_id": "2314253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253" }, { "reference_url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "reference_id": "Attacking-UNIX-systems-via-CUPS-Part-I", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I" }, { "reference_url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "reference_id": "GHSA-7xfx-47qg-grp6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "reference_id": "GHSA-p9rh-jxmq-gq47", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" }, { "reference_url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "reference_id": "GHSA-rj88-6mr5-rcw8", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "reference_id": "GHSA-w63j-6g73-wmg5", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7346", "reference_id": "RHSA-2024:7346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7461", "reference_id": "RHSA-2024:7461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7462", "reference_id": "RHSA-2024:7462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7463", "reference_id": "RHSA-2024:7463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7503", "reference_id": "RHSA-2024:7503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7504", "reference_id": "RHSA-2024:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7506", "reference_id": "RHSA-2024:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7551", "reference_id": "RHSA-2024:7551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7553", "reference_id": "RHSA-2024:7553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7623", "reference_id": "RHSA-2024:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7623" }, { "reference_url": "https://usn.ubuntu.com/7043-1/", "reference_id": "USN-7043-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7043-1/" }, { "reference_url": "https://usn.ubuntu.com/7043-4/", "reference_id": "USN-7043-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7043-4/" }, { "reference_url": "https://usn.ubuntu.com/7044-1/", "reference_id": "USN-7044-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7044-1/" }, { "reference_url": "https://www.cups.org", "reference_id": "www.cups.org", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/" } ], "url": "https://www.cups.org" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." } ], "exploits": [ { "date_added": null, "description": "This module exploits vulnerabilities in OpenPrinting CUPS, which is running by\n default on most Linux distributions. The vulnerabilities allow an attacker on\n the LAN to advertise a malicious printer that triggers remote code execution\n when a victim sends a print job to the malicious printer. Successful exploitation\n requires user interaction, but no CUPS services need to be reachable via accessible\n ports. Code execution occurs in the context of the lp user. Affected versions\n are cups-browsed <= 2.0.1, libcupsfilters <= 2.1b1, libppd <= 2.1b1, and\n cups-filters <= 2.0.1.", "required_action": null, "due_date": null, "notes": "Stability:\n - crash-safe\nReliability:\n - event-dependent\nSideEffects:\n - ioc-in-logs\n - artifacts-on-disk\n", "known_ransomware_campaign_use": false, "source_date_published": "2024-09-26", "exploit_type": null, "platform": "Linux,Unix", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb" } ], "severity_range_score": "7.5 - 8.6", "exploitability": "2.0", "weighted_severity": "7.7", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6n6-k5ye-3ugq" }