PT-2023-5738 · Cups+7 · Cups+7

Todb

Publicado

2023-07-27

Atualizado

2025-11-13

CVE-2023-4504

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 2.4.7

Description The issue is related to a failure in validating the length provided by an attacker-crafted PPD PostScript document, making CUPS and libppd susceptible to a heap-based buffer overflow and possibly code execution. This can be exploited by an attacker to potentially elevate privileges and execute arbitrary code.

Recommendations For versions prior to 2.4.7, update to CUPS version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting the processing of PPD PostScript documents to minimize the risk of exploitation.

Exploit

Correção

DoS

Memory Corruption

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122

Identificadores relacionados

ALT-PU-2023-5988

ALT-PU-2023-5990

ALT-PU-2023-6178

ALT-PU-2023-6721

ALT-PU-2024-4621

AZL-37075

AZL-37100

BDU:2023-06408

CVE-2023-4504

DLA-3594-1

GHSA-4F65-6PH5-QWH6

GHSA-PF5R-86W9-678H

MGASA-2023-0284

OESA-2023-1703

OESA-2023-1704

OESA-2023-1705

OESA-2023-1734

OESA-2023-1752

OPENSUSE-SU-2023_3707-1

OPENSUSE-SU-2024:13250-1

ROSA-SA-2024-2320

SUSE-SU-2023:3706-1

SUSE-SU-2023:3707-1

SUSE-SU-2023:3707-2

SUSE-SU-2023_3706-1

SUSE-SU-2023_3707-1

SUSE-SU-2025:20090-1

USN-6391-1

USN-6391-2

USN-6392-1

Produtos afetados

Alt Linux

Astra Linux

Cups

Linuxmint

Apple Macos

Red Os

Suse

Ubuntu

PT-2023-5738 · Cups+7 · Cups+7

CVE-2023-4504

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 85