Home > Vulnerability Database > CVE-2023-4504

Mend.io Vulnerability Database

CVE-2023-4504

Date: September 21, 2023

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Language: C

Severity Score

7.0

Related Resources (16)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4504

Url: https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h

Url: https://github.com/OpenPrinting/cups/releases/tag/v2.4.7

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/

Url: https://github.com/OpenPrinting/libppd/commit/262c909ac5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/

Url: https://security.alpinelinux.org/vuln/CVE-2023-4504

Url: https://takeonme.org/cves/CVE-2023-4504.html

Url: https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/

Url: https://security-tracker.debian.org/tracker/CVE-2023-4504

Url: https://seclists.org/oss-sec/2023/q3/198

Url: https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-4504

Severity Score

7.0

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4504

Date: September 21, 2023

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?