PT-2023-5738 · Cups+7 · Cups+7

Todb +2 · Published 2023-07-27 · Updated 2025-11-13 · CVE-2023-4504

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CUPS versions prior to 2.4.7

Description

The issue is related to a failure in validating the length provided by an attacker-crafted PPD PostScript document, making CUPS and libppd susceptible to a heap-based buffer overflow and possibly code execution. This can be exploited by an attacker to potentially elevate privileges and execute arbitrary code.

Recommendations

For versions prior to 2.4.7, update to CUPS version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting the processing of PPD PostScript documents to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2023-5988
ALT-PU-2023-5990
ALT-PU-2023-6178
ALT-PU-2023-6721
ALT-PU-2024-4621
AZL-37075
AZL-37100
BDU:2023-06408
CVE-2023-4504
DLA-3594-1
GHSA-4F65-6PH5-QWH6
GHSA-PF5R-86W9-678H
MGASA-2023-0284
OESA-2023-1703
OESA-2023-1704
OESA-2023-1705
OESA-2023-1734
OESA-2023-1752
OPENSUSE-SU-2023_3707-1
OPENSUSE-SU-2024:13250-1
ROSA-SA-2024-2320
SUSE-SU-2023:3706-1
SUSE-SU-2023:3707-1
SUSE-SU-2023:3707-2
SUSE-SU-2023_3706-1
SUSE-SU-2023_3707-1
SUSE-SU-2025:20090-1
USN-6391-1
USN-6391-2
USN-6392-1

Affected Products

ALT Linux
Astra Linux
CUPS
Linux Mint
Apple macOS
RED OS
SUSE
Ubuntu