@BrodieOnLinux even though the ends do not justify the means (calling the severity a 9.9) we are all a little safer because someone found this exploit and reported it. Margaritelli owned up to the misclassification as well according to El Reg:
'Margaritelli said he thinks 9.9 is too high, too.
"Impact-wise I wouldn’t classify it as a 9.9, but then again, what the hell do I know?" he wrote.'
https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/