A heap-based buffer overflow was discovered in in libcups's ppdFindOption() function in ppd-mark.c:430. The issue can be reproduced by loading a crafted ppd file and calling the ppdMarkDefaults() libcups API function.
Name: Apple Product Security
Upstream: Stephan Zeisberg (Security Research Labs)
Created cups tracking bugs for this issue:
Affects: fedora-all [bug 1826330]