CVE-2023-4504

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4504
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4504.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4504
Related
Published
2023-09-21T23:15:12Z
Modified
2024-12-05T15:35:32.069429Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

References

Affected packages

Alpine:v3.17 / cups

Package

Name
cups
Purl
pkg:apk/alpine/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-r0

Affected versions

1.*

1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.2-r2
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.4.8-r0
1.5.0-r0
1.5.0-r1
1.5.0-r2
1.5.2-r0
1.5.2-r1
1.5.2-r2
1.5.2-r3
1.5.3-r0
1.5.4-r0
1.5.4-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.4-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.3-r1
1.7.4-r0
1.7.5-r0

2.*

2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.2-r1
2.0.2-r2
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.1.4-r0
2.2.1-r0
2.2.1-r1
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.5-r1
2.2.6-r0
2.2.9-r0
2.2.10-r0
2.2.11-r0
2.2.12-r0
2.2.12-r1
2.2.12-r2
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.3.3-r4
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.2-r1
2.4.2-r2
2.4.2-r3

Alpine:v3.18 / cups

Package

Name
cups
Purl
pkg:apk/alpine/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-r0

Affected versions

1.*

1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.2-r2
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.4.8-r0
1.5.0-r0
1.5.0-r1
1.5.0-r2
1.5.2-r0
1.5.2-r1
1.5.2-r2
1.5.2-r3
1.5.3-r0
1.5.4-r0
1.5.4-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.4-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.3-r1
1.7.4-r0
1.7.5-r0

2.*

2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.2-r1
2.0.2-r2
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.1.4-r0
2.2.1-r0
2.2.1-r1
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.5-r1
2.2.6-r0
2.2.9-r0
2.2.10-r0
2.2.11-r0
2.2.12-r0
2.2.12-r1
2.2.12-r2
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.3.3-r4
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.2-r1
2.4.2-r2
2.4.2-r3
2.4.2-r4
2.4.2-r5
2.4.2-r6
2.4.2-r7
2.4.3-r0
2.4.3-r1
2.4.4-r0
2.4.5-r0
2.4.6-r0

Alpine:v3.19 / cups

Package

Name
cups
Purl
pkg:apk/alpine/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-r0

Affected versions

1.*

1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.2-r2
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.4.8-r0
1.5.0-r0
1.5.0-r1
1.5.0-r2
1.5.2-r0
1.5.2-r1
1.5.2-r2
1.5.2-r3
1.5.3-r0
1.5.4-r0
1.5.4-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.4-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.3-r1
1.7.4-r0
1.7.5-r0

2.*

2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.2-r1
2.0.2-r2
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.1.4-r0
2.2.1-r0
2.2.1-r1
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.5-r1
2.2.6-r0
2.2.9-r0
2.2.10-r0
2.2.11-r0
2.2.12-r0
2.2.12-r1
2.2.12-r2
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.3.3-r4
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.2-r1
2.4.2-r2
2.4.2-r3
2.4.2-r4
2.4.2-r5
2.4.2-r6
2.4.2-r7
2.4.3-r0
2.4.3-r1
2.4.4-r0
2.4.5-r0
2.4.6-r0

Alpine:v3.20 / cups

Package

Name
cups
Purl
pkg:apk/alpine/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-r0

Affected versions

1.*

1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.2-r2
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.4.8-r0
1.5.0-r0
1.5.0-r1
1.5.0-r2
1.5.2-r0
1.5.2-r1
1.5.2-r2
1.5.2-r3
1.5.3-r0
1.5.4-r0
1.5.4-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.4-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.3-r1
1.7.4-r0
1.7.5-r0

2.*

2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.2-r1
2.0.2-r2
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.1.4-r0
2.2.1-r0
2.2.1-r1
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.5-r1
2.2.6-r0
2.2.9-r0
2.2.10-r0
2.2.11-r0
2.2.12-r0
2.2.12-r1
2.2.12-r2
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.3.3-r4
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.2-r1
2.4.2-r2
2.4.2-r3
2.4.2-r4
2.4.2-r5
2.4.2-r6
2.4.2-r7
2.4.3-r0
2.4.3-r1
2.4.4-r0
2.4.5-r0
2.4.6-r0

Alpine:v3.21 / cups

Package

Name
cups
Purl
pkg:apk/alpine/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-r0

Affected versions

1.*

1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.2-r2
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.6-r0
1.4.7-r0
1.4.8-r0
1.5.0-r0
1.5.0-r1
1.5.0-r2
1.5.2-r0
1.5.2-r1
1.5.2-r2
1.5.2-r3
1.5.3-r0
1.5.4-r0
1.5.4-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.4-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.3-r1
1.7.4-r0
1.7.5-r0

2.*

2.0.0-r0
2.0.1-r0
2.0.2-r0
2.0.2-r1
2.0.2-r2
2.0.3-r0
2.0.4-r0
2.1.0-r0
2.1.1-r0
2.1.2-r0
2.1.3-r0
2.1.3-r1
2.1.4-r0
2.2.1-r0
2.2.1-r1
2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.5-r0
2.2.5-r1
2.2.6-r0
2.2.9-r0
2.2.10-r0
2.2.11-r0
2.2.12-r0
2.2.12-r1
2.2.12-r2
2.3.3-r0
2.3.3-r1
2.3.3-r2
2.3.3-r3
2.3.3-r4
2.4.0-r0
2.4.1-r0
2.4.1-r1
2.4.2-r0
2.4.2-r1
2.4.2-r2
2.4.2-r3
2.4.2-r4
2.4.2-r5
2.4.2-r6
2.4.2-r7
2.4.3-r0
2.4.3-r1
2.4.4-r0
2.4.5-r0
2.4.6-r0

Debian:11 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.3op2-3+deb11u4

Affected versions

2.*

2.3.3op2-3+deb11u1
2.3.3op2-3+deb11u2
2.3.3op2-3+deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-3+deb12u2

Affected versions

2.*

2.4.2-3
2.4.2-3+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-6

Affected versions

2.*

2.4.2-3
2.4.2-4
2.4.2-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openprinting/cups

Affected ranges

Type
GIT
Repo
https://github.com/openprinting/cups
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2b1
v2.2b2
v2.2rc1
v2.3.0
v2.3.1
v2.3.3
v2.3.3op1
v2.3.3op2
v2.3b1
v2.3b2
v2.3b3
v2.3b4
v2.3b5
v2.3b6
v2.3b7
v2.3b8
v2.3rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4b1
v2.4rc1