Due to a failure to validate the length provided by an attacker-crafted CUPS document, CUPS v2.5b1 and prior are, by default, susceptible to a heap-based buffer overflow and possibly code execution. This CVE appears to be an instance of CWE-122, a heap-based buffer overflow.
Created cups tracking bugs for this issue:

Affects: fedora-37 [bug 2239851]
Affects: fedora-38 [bug 2239852]

Created libppd tracking bugs for this issue:

Affects: fedora-38 [bug 2239850]