VDB

ALPINE-CVE-2023-4504

ALPINE-CVE-2023-4504 PUBLISHED CVSS 7 HIGH

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Risk Scores

CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.24cups0
Alpine:v3.23cups0, 1.4.1-r0, 1.4.2-r1
Alpine:v3.18cups2.4.2-r7, 0, 1.4.1-r0
Alpine:v3.20cups1.4.6-r0, 1.4.1-r0, 1.4.2-r0
Alpine:v3.21cups0, 0, 1.4.1-r0
Alpine:v3.17cups0, 0, 2.4.2-r3
Alpine:v3.22cups1.4.1-r0, 1.4.8-r0, 2.2.12-r1
Alpine:v3.19cups0, 0, 2.4.6-r0

Timeline

  • Sep 21, 2023 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›