CVE-2024-47175: 
Rocky Linux vulnerability analysis and mitigation

CUPS is a standards-based, open-source printing system, and libppd can be used for legacy PPD file support. The vulnerability (CVE-2024-47175) exists in the libppd function ppdCreatePPDFromIPP2 which does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, this can result in user-controlled input and ultimately code execution via Foomatic. The vulnerability was discovered in September 2024 and affects libppd versions <= 2.1b1 (GitHub Advisory, NVD).

The vulnerability stems from the lack of input validation in the ppdCreatePPDFromIPP2 function within libppd. When creating PPD (PostScript Printer Description) files, the function fails to properly sanitize IPP (Internet Printing Protocol) attributes. This vulnerability has a CVSS v3.1 Base Score of 8.6 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N. The issue is classified as CWE-20 (Improper Input Validation) (NVD, GitHub Advisory).

When exploited, this vulnerability can allow an attacker to inject controlled data into the PPD file, which can lead to code execution through the Foomatic printing system. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176 (NVD, GitHub Advisory).

For Debian 11 bullseye, this issue has been fixed in version 2.3.3op2-3+deb11u9. Ubuntu has also released fixes for various versions: noble (24.04 LTS) - fixed in 2:2.0.0-0ubuntu4.1, while jammy (22.04 LTS), focal (20.04 LTS), bionic (18.04 LTS), and xenial (16.04 LTS) are marked as not affected (Debian Advisory, Ubuntu Security).

The vulnerability has generated significant discussion in the security community, particularly regarding the broader implications for UNIX printing systems. Red Hat has acknowledged the vulnerability as part of a group of CUPS-related security issues and rated them with a severity impact of Important (Red Hat Blog).