#VU80932 Off-by-one in cups - CVE-2023-4504


Vulnerability identifier: #VU80932

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-4504

CWE-ID: CWE-193

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cups
Server applications / Other server solutions

Vendor: OpenPrinting

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error when parsing Postscript objects within the scan_ps() function in cups/raster-interpret.c. A remote attacker can trigger pass a specially crafted PPD file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cups: 2.2.0 - 2.4.6

External links
https://seclists.org/oss-sec/2023/q3/198
https://github.com/OpenPrinting/cups/commit/2431caddb7e6
https://takeonme.org/cves/CVE-2023-4504.html
https://github.com/OpenPrinting/cups/releases/tag/v2.4.7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for cups
Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines
Multiple vulnerabilities in macOS Sequoia
Gentoo update for CUPS
Multiple vulnerabilities in IBM App Connect Enterprise Certified Container
Anolis OS update for cups
Dell EMC Cloud Tiering Appliance update for third-party software
Amazon Linux AMI update for cups
openEuler 22.03 LTS update for cups
SUSE update for cups