Updated: 2023-11-09 19:27:04.68715
Description:
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | | 0 |
CVSS Version 3.x | HIGH | 7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | cups | 1.4.2 | 7 | HIGH | Ignored | | 2023-09-22 05:07:03 |
CentOS 8.4 ELS | cups | 2.2.6 | 7 | HIGH | Ignored | | 2023-09-22 09:28:57 |
CentOS 8.5 ELS | cups | 2.2.6 | 7 | HIGH | Ignored | | 2023-09-22 05:07:03 |
CloudLinux 6 ELS | cups | 1.4.2 | 7 | HIGH | Ignored | | 2023-09-22 05:07:03 |
Oracle Linux 6 ELS | cups | 1.4.2 | 7 | HIGH | Ignored | | 2023-09-22 05:07:03 |
Ubuntu 16.04 ELS | cups | 2.1.3-4 | 7 | HIGH | Released | CLSA-2023:1697575950 | 2023-10-17 17:07:12 |
Ubuntu 18.04 ELS | cups | 2.2.7-1 | 7 | HIGH | Released | CLSA-2023:1697576053 | 2023-10-17 17:07:13 |