ISHACK AI BOT

Amazon Linux 2023: CVE-2024-47076: Medium priority package update for cups-filters Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:N) Published 09/26/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system. Solution(s) amazon-linux-2023-upgrade-cups-filters amazon-linux-2023-upgrade-cups-filters-debuginfo amazon-linux-2023-upgrade-cups-filters-debugsource amazon-linux-2023-upgrade-cups-filters-devel amazon-linux-2023-upgrade-cups-filters-libs amazon-linux-2023-upgrade-cups-filters-libs-debuginfo References https://attackerkb.com/topics/cve-2024-47076 CVE - 2024-47076 https://alas.aws.amazon.com/AL2023/ALAS-2024-723.html

Huawei EulerOS: CVE-2024-47175: cups security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) huawei-euleros-2_0_sp12-upgrade-cups-libs References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 EulerOS-SA-2024-2947

FreeBSD: VID-24375796-7CBC-11EF-A3A9-001CC0382B2F (CVE-2024-47076): cups-filters -- remote code execution Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/29/2024 Modified 10/04/2024 Description CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. Solution(s) freebsd-upgrade-package-cups freebsd-upgrade-package-cups-filters References CVE-2024-47076

FreeBSD: VID-24375796-7CBC-11EF-A3A9-001CC0382B2F (CVE-2024-47175): cups-filters -- remote code execution Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/29/2024 Modified 10/04/2024 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) freebsd-upgrade-package-cups freebsd-upgrade-package-cups-filters References CVE-2024-47175

Alma Linux: CVE-2024-47076: Important: cups-filters security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/30/2024 Modified 10/04/2024 Description CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. Solution(s) alma-upgrade-cups-filters alma-upgrade-cups-filters-devel alma-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2024-47076 CVE - 2024-47076 https://errata.almalinux.org/8/ALSA-2024-7463.html https://errata.almalinux.org/9/ALSA-2024-7346.html

Cisco XE: CVE-2024-20464: Cisco IOS XE Software Protocol Independent Multicast Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 10/20/2024 Description A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20464 CVE - 2024-20464 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ cisco-sa-pim-APbVfySJ

Cisco XE: CVE-2024-20467: Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 02/11/2025 Description A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20467 CVE - 2024-20467 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO cisco-sa-cpp-vfr-dos-nhHKGgO

Cisco XE: CVE-2024-20436: Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 02/11/2025 Description A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20436 CVE - 2024-20436 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut cisco-sa-httpsrvr-dos-yOZThut

Debian: CVE-2024-7020: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/25/2024 Created 09/26/2024 Added 09/25/2024 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7020 CVE - 2024-7020 DSA-5668-1

Debian: CVE-2024-7024: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 09/26/2024 Added 09/25/2024 Modified 01/28/2025 Description Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7024 CVE - 2024-7024 DSA-5710-1

Debian: CVE-2024-9123: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 10/01/2024 Added 09/30/2024 Modified 01/28/2025 Description Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-9123 CVE - 2024-9123 DSA-5775-1

Debian: CVE-2024-7018: chromium -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 09/26/2024 Added 09/25/2024 Modified 01/28/2025 Description Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-7018 CVE - 2024-7018 DSA-5675-1

SUSE: CVE-2024-0133: SUSE Linux Security Advisory Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 09/26/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-0133 CVE - 2024-0133

Alma Linux: CVE-2024-47175: Important: cups-filters security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/30/2024 Modified 02/13/2025 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) alma-upgrade-cups alma-upgrade-cups-client alma-upgrade-cups-devel alma-upgrade-cups-filesystem alma-upgrade-cups-filters alma-upgrade-cups-filters-devel alma-upgrade-cups-filters-libs alma-upgrade-cups-ipptool alma-upgrade-cups-libs alma-upgrade-cups-lpd alma-upgrade-cups-printerapp References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://errata.almalinux.org/8/ALSA-2024-7463.html https://errata.almalinux.org/8/ALSA-2025-0083.html https://errata.almalinux.org/9/ALSA-2024-7346.html https://errata.almalinux.org/9/ALSA-2024-9470.html

Ubuntu: (Multiple Advisories) (CVE-2024-47176): cups-browsed vulnerability Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 09/26/2024 Created 09/28/2024 Added 09/27/2024 Modified 11/15/2024 Description CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to. Solution(s) ubuntu-pro-upgrade-cups-browsed ubuntu-pro-upgrade-cups-filters References https://attackerkb.com/topics/cve-2024-47176 CVE - 2024-47176 USN-7042-1 USN-7042-2 USN-7042-3 USN-7043-1 USN-7043-2 USN-7043-3 USN-7043-4 View more

Ubuntu: (Multiple Advisories) (CVE-2024-47076): cups-filters vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/26/2024 Created 09/28/2024 Added 09/27/2024 Modified 10/10/2024 Description CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. Solution(s) ubuntu-upgrade-cups-browsed ubuntu-upgrade-cups-filters ubuntu-upgrade-libcupsfilters2-common ubuntu-upgrade-libcupsfilters2t64 References https://attackerkb.com/topics/cve-2024-47076 CVE - 2024-47076 USN-7043-1 USN-7043-4 USN-7044-1

Huawei EulerOS: CVE-2024-47076: cups-filters security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/21/2025 Description CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. Solution(s) huawei-euleros-2_0_sp8-upgrade-cups-filters huawei-euleros-2_0_sp8-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2024-47076 CVE - 2024-47076 EulerOS-SA-2025-1118

SUSE: CVE-2024-0132: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 09/26/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-0132 CVE - 2024-0132

Alpine Linux: CVE-2024-47175: Improper Input Validation Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/26/2024 Created 09/28/2024 Added 09/27/2024 Modified 10/02/2024 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) alpine-linux-upgrade-cups References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://security.alpinelinux.org/vuln/CVE-2024-47175

FreeBSD: VID-24375796-7CBC-11EF-A3A9-001CC0382B2F (CVE-2024-47177): cups-filters -- remote code execution Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/29/2024 Modified 09/29/2024 Description CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. Solution(s) freebsd-upgrade-package-cups-filters References CVE-2024-47177

Rocky Linux: CVE-2024-47175: cups (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/13/2025 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) rocky-upgrade-cups rocky-upgrade-cups-client rocky-upgrade-cups-client-debuginfo rocky-upgrade-cups-debuginfo rocky-upgrade-cups-debugsource rocky-upgrade-cups-devel rocky-upgrade-cups-filters rocky-upgrade-cups-filters-debuginfo rocky-upgrade-cups-filters-debugsource rocky-upgrade-cups-filters-devel rocky-upgrade-cups-filters-libs rocky-upgrade-cups-filters-libs-debuginfo rocky-upgrade-cups-ipptool rocky-upgrade-cups-ipptool-debuginfo rocky-upgrade-cups-libs rocky-upgrade-cups-libs-debuginfo rocky-upgrade-cups-lpd rocky-upgrade-cups-lpd-debuginfo References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://errata.rockylinux.org/RLSA-2024:7346 https://errata.rockylinux.org/RLSA-2024:7463 https://errata.rockylinux.org/RLSA-2025:0083

CUPS: CVE-2024-47175: No IIP Sanitization or validation Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:P) Published 09/26/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/30/2024 Description Affecting libppd less than or equal to 2.1b1: ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD. Solution(s) misc-no-solution-exists References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

CUPS: CVE-2024-47177: Unvalidated UDP Binds Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 09/26/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/30/2024 Description Affecting cups-filters less than or equal to 2.0.1: foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter. Solution(s) misc-no-solution-exists References https://attackerkb.com/topics/cve-2024-47177 CVE - 2024-47177 https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

Amazon Linux 2023: CVE-2024-47175: Important priority package update for cups-filters Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:P) Published 09/26/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way. The ppdCreatePPDFromIPP2 function in libppd doesn't properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file. Solution(s) amazon-linux-2023-upgrade-cups-filters amazon-linux-2023-upgrade-cups-filters-debuginfo amazon-linux-2023-upgrade-cups-filters-debugsource amazon-linux-2023-upgrade-cups-filters-devel amazon-linux-2023-upgrade-cups-filters-libs amazon-linux-2023-upgrade-cups-filters-libs-debuginfo References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://alas.aws.amazon.com/AL2023/ALAS-2024-718.html

Amazon Linux 2023: CVE-2024-47176: Medium priority package update for cups-filters Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/26/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way. A security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header. Solution(s) amazon-linux-2023-upgrade-cups-filters amazon-linux-2023-upgrade-cups-filters-debuginfo amazon-linux-2023-upgrade-cups-filters-debugsource amazon-linux-2023-upgrade-cups-filters-devel amazon-linux-2023-upgrade-cups-filters-libs amazon-linux-2023-upgrade-cups-filters-libs-debuginfo References https://attackerkb.com/topics/cve-2024-47176 CVE - 2024-47176 https://alas.aws.amazon.com/AL2023/ALAS-2024-723.html