Comment 0 for bug 2038796

Yue Tao (wrytao) wrote : [Debian] High CVE: CVE-2023-4504 cups: are susceptible to a heap-based buffer overflow

CVE-2023-4504: https://nvd.nist.gov/vuln/detail/CVE-2023-4504

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Base Score: High

Reference:

['libcups2_2.3.3op2-3+deb11u2_amd64.deb===>libcups2_2.3.3op2-3+deb11u4_amd64.deb']