Updated: 2024-11-23 04:59:28.606403
Description:
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | cups | 2.3.3op2 | 7.0 | HIGH | In Testing | 2024-12-02 09:52:55 | ||
CentOS 6 ELS | cups | 1.4.2 | 7.0 | HIGH | Ignored | 2023-09-22 05:07:03 | ||
CentOS 7 ELS | cups | 1.6.3 | 7.0 | HIGH | Released | CLSA-2024:1720178510 | 2024-07-19 12:00:39 | |
CentOS 8.4 ELS | cups | 2.2.6 | 7.0 | HIGH | Ignored | 2023-09-22 09:28:57 | ||
CentOS 8.5 ELS | cups | 2.2.6 | 7.0 | HIGH | Ignored | 2023-09-22 05:07:03 | ||
CloudLinux 6 ELS | cups | 1.4.2 | 7.0 | HIGH | Ignored | 2023-09-22 05:07:03 | ||
Oracle Linux 6 ELS | cups | 1.4.2 | 7.0 | HIGH | Ignored | 2023-09-22 05:07:03 | ||
Ubuntu 16.04 ELS | cups | 2.1.3-4 | 7.0 | HIGH | Released | CLSA-2023:1697575950 | 2023-10-17 17:07:12 | |
Ubuntu 18.04 ELS | cups | 2.2.7-1 | 7.0 | HIGH | Released | CLSA-2023:1697576053 | 2023-10-17 17:07:13 |