CVE-2023-4504

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4504
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4504.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4504
Downstream
Related
Published
2023-09-21T23:15:12.293Z
Modified
2026-04-02T09:26:09.817274Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

References

Affected packages

Git / github.com/openprinting/cups

Affected ranges

Type
GIT
Repo
https://github.com/openprinting/cups
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3a4d9204e5818e5d0b8f1e0e50832661209048ee
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/openprinting/libppd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
98aca6cb5ceafa3a652ea21e3910318bdbe42e18
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0-rc2"
        }
    ]
}

Affected versions

2.*
2.0b1
2.0b2
2.0b3
2.0b4
2.0rc1
2.0rc2
release-1.*
release-1.6.3
release-1.6.4
release-1.7.0
release-1.7.1
release-1.7.2
release-1.7.3
release-1.7.4
release-1.7.5
release-1.7rc1
release-2.*
release-2.0.0
release-2.0.1
release-2.0.2
release-2.0.3
release-2.0.4
release-2.0b1
release-2.0rc1
release-2.1.0
release-2.1.2
release-2.1.3
release-2.1.4
release-2.1b1
release-2.1rc1
v2.*
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2b1
v2.2b2
v2.2rc1
v2.3.0
v2.3.1
v2.3.3
v2.3.3op1
v2.3.3op2
v2.3b1
v2.3b2
v2.3b3
v2.3b4
v2.3b5
v2.3b6
v2.3b7
v2.3b8
v2.3rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4b1
v2.4rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4504.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]