Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-4504

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Related bugs and status

CVE-2023-4504 (Candidate) is related to these bugs:

Bug #2038796: [Debian] High CVE: CVE-2023-4504/CVE-2023-32324/CVE-2023-32360/CVE-2023-34241 cups: multiple CVEs

Summary				In	Importance	Status
	2038796	[Debian] High CVE: CVE-2023-4504/CVE-2023-32324/CVE-2023-32360/CVE-2023-34241 cups: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/Ope...
MISC: https://github.com/Ope...
MISC: https://github.com/Ope...
MISC: https://takeonme.org/c...
FEDORA: FEDORA-2023-00484b4120
FEDORA: FEDORA-2023-351208aa08
FEDORA: FEDORA-2023-96519dc6fd
FEDORA: FEDORA-2023-52aa3d1a4f
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2023-904f92af98