Buffer overflow in Openprinting Cups
CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.
Affected products
- Openprinting Cups — versions 0
- Openprinting Libppd — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- takeonme.org/cves/CVE-2023-4504.html (technical-description, third-party-advisory)
- github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6 (vendor-advisory)
- github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h (vendor-advisory)
- github.com/OpenPrinting/cups/releases/tag/v2.4.7 (release-notes)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.debian.org/debian-lts-announce/2023/09/msg00041.html
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
Frequently asked questions
- What is CVE-2023-4504?
- CVE-2023-4504 is a vulnerability in Openprinting Cups, classified under Heap-based Buffer Overflow. Published 2023-09-21.
- Is CVE-2023-4504 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.