OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
CVE-2023-4504

7HIGH

Key Information:

Vendor
Openprinting
Status
Cups
Libppd
Vendor
CVE Published:
21 September 2023

Summary

An issue has been identified within CUPS and libppd where the validation process of the length specified by an attacker-controlled PPD PostScript document is insufficient, leading to a heap-based buffer overflow. This flaw may enable an attacker to execute arbitrary code on the affected systems. The issue has been addressed in CUPS version 2.4.7, released in September 2023, which mitigates the vulnerability and enhances the overall security of the software.

Affected Version(s)

CUPS 0 < 2.4.6

libppd 0

References

https://takeonme.org/cves/CVE-2023-4504.html
technical-descriptionthird-party-advisory
https://github.com/OpenPrinting/libppd/security/advisorie...
vendor-advisory
https://github.com/OpenPrinting/cups/security/advisories/...
vendor-advisory

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zenofex
WanderingGlitch
Austin Hackers Anonymous!
.
CVE-2023-4504 : OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow | SecurityVulnerability.io