VulnerableCode Package Details - pkg:deb/debian/cups-filters@1.28.17-4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-5335-kq4z-zfgt Aliases: CVE-2024-47176	CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.	1.28.17-5 Affected by 0 other vulnerabilities.
VCID-vk83-kkj8-sffy Aliases: CVE-2024-47076	CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.	1.28.17-5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5335-kq4z-zfgt
Aliases:
CVE-2024-47176

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

1.28.17-5
Affected by 0 other vulnerabilities.

VCID-vk83-kkj8-sffy
Aliases:
CVE-2024-47076

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

1.28.17-5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-10-02T07:39:15.002151+00:00	Debian Importer	Affected by	VCID-5335-kq4z-zfgt	https://security-tracker.debian.org/tracker/data/json	34.0.1
2024-10-02T07:39:10.140220+00:00	Debian Importer	Affected by	VCID-vk83-kkj8-sffy	https://security-tracker.debian.org/tracker/data/json	34.0.1

2024-10-02T07:39:15.002151+00:00

Debian Importer

Affected by

VCID-5335-kq4z-zfgt

https://security-tracker.debian.org/tracker/data/json

34.0.1

2024-10-02T07:39:10.140220+00:00

Debian Importer

Affected by

VCID-vk83-kkj8-sffy

https://security-tracker.debian.org/tracker/data/json

34.0.1

purl	pkg:deb/debian/cups-filters@1.28.17-4.1
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0