CVE-2023-4504

Name	CVE-2023-4504
Description	Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3594-1, ELA-978-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
cups (PTS)	jessie, jessie (lts)	1.7.5-11+deb8u12	fixed
	stretch (security)	2.2.1-8+deb9u8	vulnerable
	stretch (lts), stretch	2.2.1-8+deb9u12	fixed
	buster, buster (lts)	2.2.10-6+deb10u11	fixed
	buster (security)	2.2.10-6+deb10u10	fixed
	bullseye	2.3.3op2-3+deb11u8	fixed
	bullseye (security)	2.3.3op2-3+deb11u9	fixed
	bookworm (security), bookworm	2.4.2-3+deb12u8	fixed
	sid, trixie	2.4.10-2	fixed
libppd (PTS)	jessie	2:0.10-7.2	fixed
	buster, bullseye, stretch	2:0.10-7.3	fixed
	bookworm	2:0.10-9	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
cups	source	jessie	1.7.5-11+deb8u12	ELA-978-1
cups	source	stretch	2.2.1-8+deb9u11	ELA-978-1
cups	source	buster	2.2.10-6+deb10u9	DLA-3594-1
cups	source	bullseye	2.3.3op2-3+deb11u4
cups	source	bookworm	2.4.2-3+deb12u2
cups	source	(unstable)	2.4.2-6
libppd	source	(unstable)	(not affected)

Notes

- libppd <not-affected> (Vulnerable code introduced later)
https://www.openwall.com/lists/oss-security/2023/09/20/3
https://takeonme.org/cves/CVE-2023-4504.html
Fixed by: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 (v2.4.7)
Introduced after: https://github.com/OpenPrinting/libppd/commit/fae71641faa2d778e79245b788a90c0cd5d2cb4b (2.0b1)
Fixed by: https://github.com/OpenPrinting/libppd/commit/262c909ac5b8676d1c221584c5a760e5e83fae66