CVE-2023-40112 — Out-of-bounds Read in External Libcups

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform External Libcups Platform Packages Services Builtinprintservice Google Android

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Androidplatform/packages_services_builtinprintservice11:0 — 11:2023-11-01

▶Androidplatform/external_libcups11:0 — 11:2023-11-01

▶CVEListV5google/android11

▶NVDgoogle/android11.0

▶googlegoogle/android

Patches

Patch: android.googlesource.com ↗Patch: source.android.com ↗Patch: android.googlesource.com ↗

🔴Vulnerability Details

GHSA

GHSA-7x96-4hxq-29v4: In ippSetValueTag of ipp↗2024-02-16

▶

OSV

CVE-2023-40112: In ippSetValueTag of ipp↗2023-11-01

▶

📋Vendor Advisories

Android

CVE-2023-40112: Android Security Bulletin 2023-11-01 CVE: CVE-2023-40112 Severity: HIGH Type: ID Affected AOSP versions: 11 References: A-168903843↗2023-11-01

▶