DEBIAN-CVE-2023-4504

Source
https://security-tracker.debian.org/tracker/CVE-2023-4504
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-4504.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-4504
Upstream
Published
2023-09-21T23:15:12Z
Modified
2025-09-19T07:34:54.217648Z
Summary
[none]
Details

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

References

Affected packages

Debian:11 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.3.3op2-3+deb11u4

Affected versions

2.*

2.3.3op2-3+deb11u1
2.3.3op2-3+deb11u2
2.3.3op2-3+deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.2-3+deb12u2

Affected versions

2.*

2.4.2-3
2.4.2-3+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.2-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / cups

Package

Name
cups
Purl
pkg:deb/debian/cups?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.2-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}