DEBIAN-CVE-2023-4504

DEBIAN-CVE-2023-4504 PUBLISHED CVSS 7 HIGH

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	cups	2.4.2-3+deb12u1, 0, 0
Debian:14	cups	0, 0, 0
Debian:13	cups	0, 0, 0
Debian:11	cups	*, 2.3.3op2-3+deb11u2, 2.3.3

Exploit Intelligence

Heap-based buffer overflow example based on CVE-2023-4504 (github-poc-repo)
Heap-based buffer overflow example based on CVE-2023-4504 (github-poc)
macos_v2_generated.go (github-poc)
macos_v1_generated.go (github-poc)

Timeline

Sep 21, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-4504 advisory

Open in Interactive Console →