2314289 – (CVE-2024-47177) CVE-2024-47177 cups-filters: foomatic: foomatic-rip in cups-filters allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter

Bug 2314289 (CVE-2024-47177) - CVE-2024-47177 cups-filters: foomatic: foomatic-rip in cups-filters allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter

Summary: CVE-2024-47177 cups-filters: foomatic: foomatic-rip in cups-filters allows ar...

Keywords:
Status:	NEW
Alias:	CVE-2024-47177
Product:	Security Response
Classification:	Other
Component:	vulnerability-draft
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2315003 2315005
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-23 20:12 UTC by OSIDB Bzimport
Modified:	2025-06-10 10:56 UTC (History)
CC List:	28 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-23 20:12:08 UTC

A security flaw was found in OpenPrinting CUPS. A remote attacker may be able to exploit cups-filters via the `FoomaticRIPCommandLine` entry in the PPD file, which would trigger the CUPS system to execute any arbitrary commands injected into that file when a print job is sent to the affected device.

Note You need to log in before you can comment on or make changes to this bug.

asdas
bmontgom
dpaolell
eparis
erack
gnaik
gotiwari
jburrell
jdelft
jhorak
jupierce
jwest
jwright
kyoshida
lgarciaa
mbiarnes
mvyas
nstielau
security-response-team
sidsharm
sponnaga
talessio
tpopela
vlaad
ximhan
yuxzhu
zdohnal
zmiele