Vulnerability Details CVE-2023-24805
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.092
EPSS Ranking 92.3%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
- https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/
- https://security.gentoo.org/glsa/202401-06
- https://www.debian.org/security/2023/dsa-5407
- https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
- https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/
- https://security.gentoo.org/glsa/202401-06
- https://www.debian.org/security/2023/dsa-5407
Products affected by CVE-2023-24805
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.10
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.11
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.12
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.13
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.14
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.15
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.16
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.17
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.18
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.19
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.20
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.21
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.22
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.23
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.24
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.25
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.26
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.27
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.28
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.29
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.30
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.31
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.32
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.33
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.34
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.35
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.36
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.37
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.38
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.39
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.40
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.41
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.42
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.43
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.44
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.45
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.46
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.47
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.48
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.49
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.50
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.51
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.52
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.53
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.54
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.55
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.56
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.57
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.58
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.59
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.60
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.61
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.62
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.63
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.64
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.65
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.66
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.67
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.68
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.69
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.7
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.70
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.71
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.72
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.73
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.74
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.75
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.76
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.8
-
cpe:2.3:a:linuxfoundation:cups-filters:1.0.9
-
cpe:2.3:a:linuxfoundation:cups-filters:1.051
-
cpe:2.3:a:linuxfoundation:cups-filters:1.052
-
cpe:2.3:a:linuxfoundation:cups-filters:1.053
-
cpe:2.3:a:linuxfoundation:cups-filters:1.054
-
cpe:2.3:a:linuxfoundation:cups-filters:1.1.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.10.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.11.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.12.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.13.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.14.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.14.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.15.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.16.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.16.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.16.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.16.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.16.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.7
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.8
-
cpe:2.3:a:linuxfoundation:cups-filters:1.17.9
-
cpe:2.3:a:linuxfoundation:cups-filters:1.18.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.19.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.2.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.20.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.20.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.20.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.20.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.20.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.21.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.22.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.23.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.24.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.10
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.11
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.12
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.13
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.7
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.8
-
cpe:2.3:a:linuxfoundation:cups-filters:1.25.9
-
cpe:2.3:a:linuxfoundation:cups-filters:1.26.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.26.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.26.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.27.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.10
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.11
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.12
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.13
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.14
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.15
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.16
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.17
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.4
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.5
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.6
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.7
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.8
-
cpe:2.3:a:linuxfoundation:cups-filters:1.28.9
-
cpe:2.3:a:linuxfoundation:cups-filters:1.3.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.4.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.5.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.6.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.7.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.8.0
-
cpe:2.3:a:linuxfoundation:cups-filters:1.8.1
-
cpe:2.3:a:linuxfoundation:cups-filters:1.8.2
-
cpe:2.3:a:linuxfoundation:cups-filters:1.8.3
-
cpe:2.3:a:linuxfoundation:cups-filters:1.9.0
-
cpe:2.3:a:linuxfoundation:cups-filters:2.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:fedoraproject:fedora:38