CVE-2023-4504
moderate-risk
Published 2023-09-21
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10
High
LOCAL
/ HIGH complexity
Affected Products (6)
Affected Vendors
References (21)
Release Notes
https://github.com/OpenPrinting/cups/releases/tag/v2.4.7
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Release Notes
https://github.com/OpenPrinting/cups/releases/tag/v2.4.7
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
and 1 more references
31
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
13/34 · Low