CUPS IPP Filter Vulnerability in Google Chrome OS
CVE-2017-15400

7.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Os Prior To 62.0.3202.74
Vendor
CVE Published:
7 February 2018

What is CVE-2017-15400?

A vulnerability in the CUPS (Common Unix Printing System) within Google Chrome OS versions prior to 62.0.3202.74 allows remote attackers to exploit insufficient restrictions on IPP filters. This can be done through manipulating a crafted Printer Description File (PPD), which may lead to the execution of arbitrary commands with the same privileges as the CUPS daemon. This security flaw poses significant risks to system integrity and highlights the importance of timely updates and patches.

Affected Version(s)

Google Chrome OS prior to 62.0.3202.74 Google Chrome OS prior to 62.0.3202.74

References

https://www.debian.org/security/2018/dsa-4243
vendor-advisoryx_refsource_DEBIAN
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC
https://crbug.com/777215
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-15400 : CUPS IPP Filter Vulnerability in Google Chrome OS