OpenPrinting ippusbxd Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in OpenPrinting ippusbxd version 1.34. This vulnerability arises when a specially configured printer that supports IPP-over-USB is connected to a Linux system using ippusbxd. The issue occurs because the ippusbxd service, which runs with root privileges, improperly parses metadata from the printer, leading to a buffer overflow that can be exploited for arbitrary code execution. The vulnerability can be triggered by connecting a malicious device to the vulnerable system via USB.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code with elevated privileges.

Reproduction

The vulnerability can be reproduced by emulating a malicious printer using the Printer Application Framework (PAPPL) and connecting it to a Linux system with ippusbxd 1.34. The emulated printer must be configured to send a crafted 'media-size-supported' attribute that exceeds the expected length, triggering the buffer overflow when ippusbxd processes the printer's metadata.
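
The missing bound described above, shown as an added example (not ippusbxd's code and not taken from the advisory): a parser for one length-prefixed IPP attribute that checks the device-supplied value length against the destination buffer before copying. The function names, status codes, 32-byte buffer and sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum { ATTR_OK = 0, ATTR_TRUNCATED = -1, ATTR_TOO_LONG = -2, ATTR_WRONG_NAME = -3 };

/* Read a big-endian 16-bit length at buf[*off]; fail if it runs past len. */
static int read_u16(const uint8_t *buf, size_t len, size_t *off, uint16_t *v) {
    if (*off > len || len - *off < 2) return -1;
    *v = (uint16_t)((buf[*off] << 8) | buf[*off + 1]);
    *off += 2;
    return 0;
}

/* Parse one attribute (value-tag, name-length, name, value-length, value)
 * from device-supplied bytes and copy its value, NUL-terminated, into out. */
int copy_attr_value(const uint8_t *buf, size_t len, const char *want,
                    char *out, size_t out_sz) {
    size_t off = 1; /* skip the 1-byte value-tag */
    uint16_t nlen, vlen;
    if (len < 1) return ATTR_TRUNCATED;
    if (read_u16(buf, len, &off, &nlen) || len - off < nlen) return ATTR_TRUNCATED;
    if (nlen != strlen(want) || memcmp(buf + off, want, nlen)) return ATTR_WRONG_NAME;
    off += nlen;
    if (read_u16(buf, len, &off, &vlen) || len - off < vlen) return ATTR_TRUNCATED;
    /* The device controls vlen; without this check memcpy overruns out. */
    if (out_sz == 0 || vlen >= out_sz) return ATTR_TOO_LONG;
    memcpy(out, buf + off, vlen);
    out[vlen] = '\0';
    return ATTR_OK;
}

/* Constructed test vector: one attribute whose opaque value is vlen bytes of
 * 'A' (vlen <= 512), with the last `cut` bytes withheld from the parser. */
int demo(size_t vlen, size_t cut) {
    static const char name[] = "media-size-supported";
    uint8_t msg[1 + 2 + sizeof name + 2 + 512];
    char value[32]; /* fixed-size stack destination, size chosen for the example */
    size_t n = 0, nlen = sizeof name - 1;
    if (vlen > 512) return ATTR_TRUNCATED;
    msg[n++] = 0x30; /* octetString value-tag */
    msg[n++] = (uint8_t)(nlen >> 8); msg[n++] = (uint8_t)nlen;
    memcpy(msg + n, name, nlen); n += nlen;
    msg[n++] = (uint8_t)(vlen >> 8); msg[n++] = (uint8_t)vlen;
    memset(msg + n, 'A', vlen); n += vlen;
    return copy_attr_value(msg, n - (cut < n ? cut : n), name, value, sizeof value);
}
```

A value that fits is copied, one that would fill or exceed the buffer is rejected with ATTR_TOO_LONG, and a message whose declared lengths run past the received bytes is rejected with ATTR_TRUNCATED.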

Remediation

Users are advised to discontinue the use of ippusbxd and switch to ipp-usb, as recommended by the project's maintainers.

Added: Aug 19, 2025, 2:22 PM
Updated: Aug 19, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.