#VU80932 Off-by-one in cups


Published: 2023-09-20

Vulnerability identifier: #VU80932

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4504

CWE-ID: CWE-193

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cups
Server applications / Other server solutions

Vendor: OpenPrinting

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error when parsing Postscript objects within the scan_ps() function in cups/raster-interpret.c. A remote attacker can trigger pass a specially crafted PPD file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cups: 2.2.0 - 2.4.6

External links
http://seclists.org/oss-sec/2023/q3/198
http://github.com/OpenPrinting/cups/commit/2431caddb7e6
http://takeonme.org/cves/CVE-2023-4504.html
http://github.com/OpenPrinting/cups/releases/tag/v2.4.7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for CUPS
Multiple vulnerabilities in IBM App Connect Enterprise Certified Container
Dell EMC Cloud Tiering Appliance update for third-party software
Amazon Linux AMI update for cups
openEuler 22.03 LTS update for cups
SUSE update for cups
Oracle Solaris update for thrid-party components
openEuler 20.03 LTS SP3 update for cups
openEuler 22.03 LTS SP2 update for cups
openEuler 22.03 LTS SP1 update for cups