A heap-based buffer overflow was discovered in libcups's ppdFindOption() function in ppd-mark.c:430. The issue can be reproduced by loading a crafted PPD file and calling the ppdMarkDefaults() libcups API function.
Acknowledgments:
Name: Apple Product Security
Upstream: Stephan Zeisberg (Security Research Labs)
Public: https://support.apple.com/en-us/HT211100
Created cups tracking bugs for this issue:
Affects: fedora-all [bug 1826330]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:4469 https://access.redhat.com/errata/RHSA-2020:4469
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-3898