Filtered by vendor Openprinting Subscriptions
Filtered by product Libppd Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-47175 2 Openprinting, Redhat 7 Libppd, Enterprise Linux, Rhel Aus and 4 more 2024-11-21 8.6 High
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2023-4504 3 Debian, Fedoraproject, Openprinting 4 Debian Linux, Fedora, Cups and 1 more 2024-11-21 7.0 High
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.