发布时间: 2024年10月12日
修改时间: 2024年10月12日
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 8.6 | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3926 | cups security update | 2024年10月14日 |
| KylinSec-SA-2024-4061 | cups security update | 2024年11月11日 |
| KylinSec-SA-2024-4096 | cups-filters security update | 2025年2月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | cups | Fixed |
| KY3.5.2 | cups | Fixed |
| V6 | cups | Fixed |
| KY3.5.3 | cups | Fixed |
