CVE-2023-24040

Name of the Vulnerable Software and Affected Versions Common Desktop Environment version 1.6

Description The issue is related to a bug in the parser of lpstat, an external command invoked by dtprintinfo, which occurs during the listing of available printer names. This bug allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file, enabling them to manipulate control flow and disclose memory contents on Solaris 10 systems. It's noted that this vulnerability only affects products that are no longer supported by the maintainer.

Recommendations For Common Desktop Environment version 1.6, as the product is no longer supported by the maintainer, there is no information about a newer version that contains a fix for this issue.