OpenPrinting CUPS vulnerable to heap buffer overflow
CVE-2023-32324

7.5HIGH

Key Information:

Vendor: Openprinting
Status: Cups
Vendor: CVE Published:; 1 June 2023

Summary

OpenPrinting CUPS, an open-source printing system, is susceptible to a heap buffer overflow vulnerability in versions 2.4.2 and prior. This flaw is found in the format_log_line function, which could enable a remote attacker to execute a denial of service (DoS) attack. The vulnerability becomes exploitable when the configuration file cupsd.conf has the loglevel set to DEBUG. As of now, there are no reported patches or workarounds available to mitigate this issue, leaving systems exposed.

Affected Version(s)

cups <= 2.4.2

References

https://github.com/OpenPrinting/cups/security/advisories/...

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2023/06/msg0...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 1, 2023
Vulnerability Reserved
May 8, 2023