CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities

Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog as more information becomes available.

FAQ

What is CUPS?

Common UNIX Printing System (CUPS) is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP (Internet Printing Protocol) to allow for printing with local and network printers.

What are the vulnerabilities associated with the recent CUPS disclosure?

As of September 26, the following four CVE identifiers were assigned for vulnerabilities related to CUPS:

| CVE | Description | Affected Component | CVSSv3* |
|---|---|---|---|
| CVE-2024-47076 | libcupsfilters Improper Input Validation or Sanitization Vulnerability | libcupsfilters | 8.6 |
| CVE-2024-47175 | libppd Improper Input Validation or Sanitization Vulnerability | libppd | 8.6 |
| CVE-2024-47176 | cups-browsed Binding to an Unrestricted IP Address Vulnerability | cups-browsed | 8.4 |
| CVE-2024-47177 | cups-filters Command Injection Vulnerability | cups-filters | 9.1 |

*These CVSSv3 scores are current as of September 26.

What are CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177?

CVE-2024-47076 is a flaw in the libcupsfilters l

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Security Boulevard
