发布于3月6日3月6日 Members CUPS: CVE-2024-47175: No IIP Sanitization or validation Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:P) Published 09/26/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/30/2024 Description Affecting libppd less than or equal to 2.1b1: ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD. Solution(s) misc-no-solution-exists References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。