cups-filters: command injection (CVE-2024-47177)


This CVE describes a command injection vulnerability in cups-filters, software that is integral to the CUPS printing system on non-macOS platforms. The issue arises because any input passed to 'FoomaticRIPCommandLine' through a printer description file can be executed as a command. An attacker can therefore potentially run unauthorized commands on an affected system. When paired with other logical flaws, such as those outlined in CVE-2024-47176, it may even allow remote command execution. The vulnerability affects OpenPrinting cups-filters versions up to 2.0.1.
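A defensive check for the directive described above, as an added example that is not from the original page or the cups-filters project: it lists every FoomaticRIPCommandLine value found in a printer description (PPD) file so each one can be reviewed. The sample PPD text, the function names and the EXPECTED_PROGRAMS set are constructed assumptions.

```python
import re

# The PPD keyword named in the advisory; its value is usually a quoted string.
DIRECTIVE = re.compile(r'^\*FoomaticRIPCommandLine\s*:\s*(.*)$')

# Assumption: program names a reviewer expects to start a filter command line.
EXPECTED_PROGRAMS = {"gs"}

# Constructed sample, not taken from a real printer or from the advisory.
SAMPLE_PPD = '''*PPD-Adobe: "4.3"
*%  constructed sample
*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE
 -sDEVICE=pxlmono -sOutputFile=- -"
*End
*FoomaticRIPCommandLine: "unexpected-program --constructed"
'''

def find_commands(ppd_text):
    """Return [(line_number, command)] for each FoomaticRIPCommandLine entry."""
    found, lines, i = [], ppd_text.splitlines(), 0
    while i < len(lines):
        m = DIRECTIVE.match(lines[i])
        if m:
            start, value = i + 1, m.group(1).strip()
            if value.startswith('"'):
                value = value[1:]
                # A quoted PPD value may continue until the closing quote.
                while '"' not in value and i + 1 < len(lines):
                    i += 1
                    value += "\n" + lines[i]
                value = value.split('"', 1)[0]
            found.append((start, value.strip()))
        i += 1
    return found

def triage(ppd_text, expected=EXPECTED_PROGRAMS):
    """Return (line_number, first_program, is_expected) for every entry."""
    rows = []
    for line_no, command in find_commands(ppd_text):
        words = command.split()
        program = words[0].rsplit("/", 1)[-1] if words else ""
        rows.append((line_no, program, program in expected))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_PPD):
        print(row)
```

An expected first program only sorts the list for review; it does not make a value safe, since the whole value can be executed as a command.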


Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions


CVE database technical details

CVE ID: CVE-2024-47177
Description:
Provider: GitHub_M
CWE / problem types:
Affected Software Versions:
Date Published: 2024-09-26T21:56:36.661Z
Last Updated: 2025-05-12T21:08:50.663Z