CVE-2023-4504 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.0 - HIGH
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

Due to a failure to validate the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September 2023.

Vulnerable Configurations

Part         Description     Count
Application  Openprinting    194
OS           Fedoraproject   3
OS           Debian          1

Common Weakness Enumeration (CWE)