Arbitrary Command Injection Affecting foomatic-filters package, versions *


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.04% (13th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Arbitrary Command Injection vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS7-FOOMATICFILTERS-8102690
  • published27 Sept 2024
  • disclosed26 Sept 2024

Introduced: 26 Sep 2024

CVE-2024-47177  (opens in a new tab)
CWE-77  (opens in a new tab)

How to fix?

There is no fixed version for Centos:7 foomatic-filters.

NVD Description

Note: Versions mentioned in the description apply only to the upstream foomatic-filters package and not the foomatic-filters package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to FoomaticRIPCommandLine via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.

CVSS Scores

version 4.0
version 3.1