CVE-2023-4504
Published: 2023-09-21
Severity: high, 7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.3.3op2-3+deb11u4 | 2.3.3op2-3+deb11u4 |
| apple | cups | >= 0 < 2.4.2-3+deb12u2 | 2.4.2-3+deb12u2 |
| apple | cups | >= 0 < 2.4.2-6 | 2.4.2-6 |
| apple | cups | >= 0 < 2.4.2-6 | 2.4.2-6 |
| apple | macos_sequoia | — | — |
| debian | cups | < cups 2.4.2-3+deb12u2 (bookworm) | cups 2.4.2-3+deb12u2 (bookworm) |
| debian | debian_linux | — | — |
| debian | libppd | < cups 2.4.2-3+deb12u2 (bookworm) | cups 2.4.2-3+deb12u2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | azl3_cups_2.3.3op2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_cups_2.4.10-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_cups_2.3.3op2-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-9_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| openprinting | cups | < 2.4.6 | 2.4.6 |
| openprinting | cups | < 2.4.7 | 2.4.7 |
| openprinting | libppd | < d09348b | d09348b |
| openprinting | libppd | — | — |
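CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 7.0 | HIGH | |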