{"id":"ASB-A-168903843","details":"In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-168903843","CVE-2023-40112"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/d7cb53cb5b47f4afdb84cb0e161d84fdc2c32ce7"}],"affected":[{"package":{"name":"platform/external/libcups","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-11-01","vanir_signatures":[{"target":{"file":"scheduler/printers.c"},"signature_type":"Line","id":"ASB-A-168903843-4f0954cb","deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","digest":{"threshold":0.9,"line_hashes":["212880962577812786611223447384845183276","28856921957931201723531139662863044305","174019200493641912953846062801351655305","129263983058088753412700699505001336960"]},"signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["289438216394548883769431888293979776272","309810957916046623177773561727519206897","162328195738166143545556550990671187660","185285991301393324361085810940698628030","256835891838219664650650611579869355810","178416588026499416015711056342659341225","226585750227673210747170324023124101571","211681707957472330063583410470833976709","1821810811401740206379067245313239758","142262119233670541338362375629863796115","284795482300010125694010954922654624503","52922224298618150695965942835094756149"]},"id":"ASB-A-168903843-56324dfe","target":{"file":"ppdc/ppdc-source.cxx"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","signature_type":"Line","signature_version":"v1"},{"target":{"file":"cups/cups-private.h"},"id":"ASB-A-168903843-5e47b05f","digest":{"threshold":0.9,"line_hashes":["340226112084769290609857559038050308221","164510363457194188507457219014599241610","319884012443562824073855725723278373164","316012690218399866435727670801406864314"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","signature_type":"Line","signature_version":"v1"},{"target":{"file":"cups/getifaddrs.c"},"signature_type":"Line","id":"ASB-A-168903843-5e736489","deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","digest":{"threshold":0.9,"line_hashes":["153524584723429585073972308261048820571"]},"signature_version":"v1"},{"target":{"file":"ppdc/ppdc-source.cxx","function":"ppdcSource::get_resolution"},"id":"ASB-A-168903843-70d1c080","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","digest":{"length":1883,"function_hash":"248450636535144815704141608806865063183"},"signature_version":"v1"},{"target":{"file":"locale/ipp-strings.c"},"id":"ASB-A-168903843-a778419c","digest":{"threshold":0.9,"line_hashes":["331078716574778563796308073881548429280","75024167428607359142578985838284990514","229857158993383686233042494995488163640","278519157061902772649252033288628687388","52568802536491772877914028048765287409","109812927043473727675350539853680461773","247090710083023544742521439532381244639","104249324772050330345033926081141512606","324307402251801713402400091483748426742","69980987335137389345671975250085329932","54332841286734630537973701061486718700","260154270448791752256825467308298507094"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","signature_type":"Line","signature_version":"v1"},{"target":{"function":"cupsdCreateCommonData","file":"scheduler/printers.c"},"signature_type":"Function","id":"ASB-A-168903843-cc483089","deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","digest":{"length":13349,"function_hash":"225179490076466687964734033945260745752"},"signature_version":"v1"},{"target":{"file":"cups/cups.h"},"id":"ASB-A-168903843-feb79606","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b","digest":{"threshold":0.9,"line_hashes":["113054326299873164591420037735852371929","213536834932752455539975659776376818423","11271020889405808157351406554369168880","43540580980778918806258032895931558075","15544529134457731936266432209371350031","209083865047495395997230559652591818280","318261485306923992446516686905302789370"]},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/external/libcups/+/c56dfec131379d6ad0967503a3dab26e1529d3dd","https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168903843.json"}},{"package":{"name":"platform/packages/services/BuiltInPrintService","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-11-01","vanir_signatures":[{"target":{"file":"jni/ipphelper/ipphelper.c","function":"ipp_cups_connect"},"id":"ASB-A-168903843-19554650","digest":{"length":1059,"function_hash":"208908541234022284624100531514337325684"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","signature_type":"Function","signature_version":"v1"},{"target":{"function":"ippSendRequest","file":"jni/ipphelper/ipphelper.c"},"id":"ASB-A-168903843-341aa243","digest":{"length":607,"function_hash":"269062204594514788065696016114249760109"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","signature_type":"Function","signature_version":"v1"},{"target":{"file":"jni/ipphelper/ipphelper.c"},"id":"ASB-A-168903843-544a5b82","digest":{"threshold":0.9,"line_hashes":["121841922422821634891644421617462246845","174647121699483139695830162332183851336","70205060180202351475742412994001880203","80783095156085154200111509718869578118","175809230290423591156565326244498498478","101457942480887745340045271152667832669","195007001531869849702670904799535689371","109239415881854319845481272749576884712","284115725153669263417790635072285326917","8200596218202304879321704466935497331","95853812027073571831033431326958752555","220376860414487512869001128441374112906","41061620296125049090650583377552755795","6368362472393028093489014113760184968","137636727070988564348968079198029729781","33389502629777811548589297080432372657","40615064232654873124315417879282693571","185999241522490597289635439754871331684"]},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","signature_type":"Line","signature_version":"v1"},{"target":{"file":"jni/ipphelper/ipp_print.c"},"id":"ASB-A-168903843-5a9af5a1","digest":{"threshold":0.9,"line_hashes":["74083178827159764424559278811865206118","268787358437157662698257242904396897076","331438520497111928643580768855050928183","322051738068498332997146734300850847828","108970055851000078248958388594845941807","20762511052862861924161941175142160409","157180606990651114987859639820191497487","151147799178686485981347637909813104844","258771543095798613788880454975820898369","197193703297881138390481729150984519131","150659595122998533088600898705829636364","256834437576828961255536536730863288693","212865919487125351899738350059275282634","159157273108908459099927568126125312010","85636628087925622162138427933931158559","42736056769197146402111345548795351391","214005797723658209665585891064354233609"]},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","signature_type":"Line","signature_version":"v1"},{"target":{"file":"jni/ipphelper/ipp_print.c","function":"_start_job"},"id":"ASB-A-168903843-7333795d","digest":{"length":1298,"function_hash":"125688700561513453144088291867387407339"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","signature_type":"Function","signature_version":"v1"},{"target":{"file":"jni/ipphelper/ipp_print.c","function":"_init"},"signature_type":"Function","id":"ASB-A-168903843-f01e5a3c","deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526","digest":{"length":1080,"function_hash":"29701596371237702473176779634240767410"},"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-168903843.json"}}],"schema_version":"1.7.5"}