OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
CVE-2023-4504

7HIGH

Key Information:

Vendor

Openprinting

Status
Cups
Libppd
Vendor
CVE Published:
21 September 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-4504?

An issue has been identified within CUPS and libppd where the validation process of the length specified by an attacker-controlled PPD PostScript document is insufficient, leading to a heap-based buffer overflow. This flaw may enable an attacker to execute arbitrary code on the affected systems. The issue has been addressed in CUPS version 2.4.7, released in September 2023, which mitigates the vulnerability and enhances the overall security of the software.

Affected Version(s)

CUPS 0 < 2.4.6

libppd 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CUPS-Exploit
Created by djjohnson565

References

https://takeonme.org/cves/CVE-2023-4504.html
technical-descriptionthird-party-advisory
https://github.com/OpenPrinting/libppd/security/advisorie...
vendor-advisory
https://github.com/OpenPrinting/cups/security/advisories/...
vendor-advisory

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

zenofex
WanderingGlitch
Austin Hackers Anonymous!
.