{"id":"CVE-2023-4504","details":"Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.","modified":"2026-04-02T09:26:09.817274Z","published":"2023-09-21T23:15:12.293Z","related":["CGA-cc9m-8c94-h5ph","GHSA-4f65-6ph5-qwh6","GHSA-pf5r-86w9-678h","MGASA-2023-0284","SUSE-SU-2023:3706-1","SUSE-SU-2023:3707-1","SUSE-SU-2023:3707-2","SUSE-SU-2025:20090-1","openSUSE-SU-2024:13250-1"],"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2024/Sep/33"},{"type":"ADVISORY","url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"},{"type":"EVIDENCE","url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"},{"type":"EVIDENCE","url":"https://takeonme.org/cves/CVE-2023-4504.html"},{"type":"EVIDENCE","url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openprinting/cups","events":[{"introduced":"0"},{"fixed":"3a4d9204e5818e5d0b8f1e0e50832661209048ee"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.7"}]}},{"type":"GIT","repo":"https://github.com/openprinting/libppd","events":[{"introduced":"0"},{"last_affected":"98aca6cb5ceafa3a652ea21e3910318bdbe42e18"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0-rc2"}]}}],"versions":["2.0b1","2.0b2","2.0b3","2.0b4","2.0rc1","2.0rc2","release-1.6.3","release-1.6.4","release-1.7.0","release-1.7.1","release-1.7.2","release-1.7.3","release-1.7.4","release-1.7.5","release-1.7rc1","release-2.0.0","release-2.0.1","release-2.0.2","release-2.0.3","release-2.0.4","release-2.0b1","release-2.0rc1","release-2.1.0","release-2.1.2","release-2.1.3","release-2.1.4","release-2.1b1","release-2.1rc1","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.2b1","v2.2b2","v2.2rc1","v2.3.0","v2.3.1","v2.3.3","v2.3.3op1","v2.3.3op2","v2.3b1","v2.3b2","v2.3b3","v2.3b4","v2.3b5","v2.3b6","v2.3b7","v2.3b8","v2.3rc1","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4b1","v2.4rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4504.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}