CVE-2024-47177

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47177
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

12 May 2025, 21:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.0 		v2 : unknown
v3 : unknown
CWE CWE-77
References
  • {'url': 'https://bugzilla.suse.com/show_bug.cgi?id=1230931', 'source': 'security-advisories@github.com'}
  • {'url': 'https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8', 'source': 'security-advisories@github.com'}
  • {'url': 'https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47', 'source': 'security-advisories@github.com'}
  • {'url': 'https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5', 'source': 'security-advisories@github.com'}
  • {'url': 'https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6', 'source': 'security-advisories@github.com'}
  • {'url': 'https://www.cups.org', 'source': 'security-advisories@github.com'}
  • {'url': 'https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I', 'source': 'security-advisories@github.com'}
Summary
  • (es) CUPS es un sistema de impresión de código abierto basado en estándares, y cups-filters proporciona backends, filtros y otro software para que CUPS 2.x se utilice en sistemas que no sean Mac OS. Cualquier valor que se pase a `FoomaticRIPCommandLine` a través de un archivo PPD se ejecutará como un comando controlado por el usuario. Cuando se combina con otros errores lógicos como los descritos en CVE_2024-47176, esto puede provocar la ejecución remota de comandos.
Summary (en) ** DISPUTED ** CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution. This vulnerability has been disputed by a third party because `FoomaticRIPCommandLine` is functionality that is intended to execute administrator specified code. (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.

08 May 2025, 19:16

Type Values Removed Values Added
Summary (en) CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution. This vulnerability has been disputed by a third party because `FoomaticRIPCommandLine` is functionality that is intended to execute administrator specified code. (en) ** DISPUTED ** CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution. This vulnerability has been disputed by a third party because `FoomaticRIPCommandLine` is functionality that is intended to execute administrator specified code.

08 May 2025, 17:16

Type Values Removed Values Added
References
  • () https://bugzilla.suse.com/show_bug.cgi?id=1230931 -
Summary (en) CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. (en) CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution. This vulnerability has been disputed by a third party because `FoomaticRIPCommandLine` is functionality that is intended to execute administrator specified code.

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) CUPS es un sistema de impresión de código abierto basado en estándares, y cups-filters proporciona backends, filtros y otro software para que CUPS 2.x se utilice en sistemas que no sean Mac OS. Cualquier valor que se pase a `FoomaticRIPCommandLine` a través de un archivo PPD se ejecutará como un comando controlado por el usuario. Cuando se combina con otros errores lógicos como los descritos en CVE_2024-47176, esto puede provocar la ejecución remota de comandos.

26 Sep 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-26 22:15

Updated : 2025-05-12 21:15

NVD link : CVE-2024-47177

Mitre link : CVE-2024-47177

CVE.ORG link : CVE-2024-47177

JSON object : View

Products Affected

No product.

CWE

No CWE.