Approved changes feed: RSS · Atom

cpe:2.3:a:openprinting:libppd:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorOpenprinting (93a57ef6-4097-59be-aade-33c84577f500)
ProductLibppd (cff8db10-f87e-58a6-91ba-f9f366007ed3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-47175 vulnerable 2026-06-08 06:48:11.534882 libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
HIGH (8.6)
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Published: 2024-09-26T21:18:25.265Z
Updated: 2025-11-03T22:20:02.661Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4504 vulnerable 2026-06-08 06:16:12.826412 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Published: 2023-09-21T22:47:41.879Z
Updated: 2025-11-04T16:10:38.138Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.