Vulnerability CVE-2023-4504: Information
Description
Because they fail to validate the length supplied by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September 2023.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cups | sisyphus | 2.4.7-alt1 | 2.4.8-alt1 | ALT-PU-2023-5990-2 | 330606 | Fixed |
cups | sisyphus_e2k | 2.4.7-alt1 | 2.4.8-alt1 | ALT-PU-2023-6047-1 | - | Fixed |
cups | sisyphus_riscv64 | 2.4.7-alt1 | 2.4.8-alt1 | ALT-PU-2023-6064-1 | - | Fixed |
cups | p10 | 2.4.7-alt2 | 2.4.7-alt2 | ALT-PU-2023-6721-2 | 333093 | Fixed |
cups | p10_e2k | 2.4.7-alt2 | 2.4.7-alt2 | ALT-PU-2023-7157-1 | - | Fixed |
cups | c10f1 | 2.4.7-alt2 | 2.4.7-alt2 | ALT-PU-2024-4621-3 | 343721 | Fixed |
cups | c9f2 | 2.4.7-alt1 | 2.4.7-alt1 | ALT-PU-2023-6178-3 | 331117 | Fixed |
libppd | sisyphus | 2.0.0-alt1 | 2.0.0-alt1 | ALT-PU-2023-5988-2 | 330587 | Fixed |
libppd | sisyphus_e2k | 2.0.0-alt1 | 2.0.0-alt1 | ALT-PU-2023-6037-1 | - | Fixed |
libppd | sisyphus_riscv64 | 2.0.0-alt1 | 2.0.0-alt1 | ALT-PU-2023-6062-1 | - | Fixed |