Bug 2238509 (CVE-2023-4504) - CVE-2023-4504 cups, libppd: Postscript Parsing Heap Overflow
Summary: CVE-2023-4504 cups, libppd: Postscript Parsing Heap Overflow
Keywords:
Status: NEW
Alias: CVE-2023-4504
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2239850 2239851 2239852
Blocks: 2238512
TreeView+ depends on / blocked
 
Reported: 2023-09-12 10:07 UTC by ybuenos
Modified: 2023-11-09 17:25 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in OpenPrinting CUPS. The security flaw occurs due to failure in validating the length provided by an attacker-crafted CUPS document, possibly leading to a heap-based buffer overflow and code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description ybuenos 2023-09-12 10:07:17 UTC 
Due to failure in validating the length provided by an attacker-crafted CUPS document, CUPS version v2.5b1 and prior, by default, is susceptible 
to a heap-based buffer overflow, and possibly code execution. This CVE appears to be an instance of CWE-122, a heap-based buffer overflow.
Comment 4 Sandipan Roy 2023-09-20 14:00:49 UTC 
Created cups tracking bugs for this issue:

Affects: fedora-37 [bug 2239851]
Affects: fedora-38 [bug 2239852]


Created libppd tracking bugs for this issue:

Affects: fedora-38 [bug 2239850]
Note You need to log in before you can comment on or make changes to this bug.