{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-4504","assignerOrgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","state":"PUBLISHED","assignerShortName":"AHA","dateReserved":"2023-08-23T21:14:04.183Z","datePublished":"2023-09-21T22:47:41.879Z","dateUpdated":"2025-11-04T16:10:38.138Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"CUPS","vendor":"OpenPrinting","versions":[{"lessThan":"2.4.6","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"libppd","vendor":"OpenPrinting","versions":[{"lessThan":"d09348b","status":"affected","version":"0","versionType":"git"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"zenofex"},{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"WanderingGlitch"},{"lang":"en","type":"coordinator","user":"00000000-0000-4000-9000-000000000000","value":"Austin Hackers Anonymous!"}],"datePublic":"2023-09-20T12:35:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.</span><br>"}],"value":"Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122 Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"26969f82-7e87-44d8-9cb5-f6fb926ddd43","shortName":"AHA","dateUpdated":"2023-10-07T02:06:38.717Z"},"references":[{"tags":["technical-description","third-party-advisory"],"url":"https://takeonme.org/cves/CVE-2023-4504.html"},{"tags":["vendor-advisory"],"url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"},{"tags":["vendor-advisory"],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"},{"tags":["release-notes"],"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"}],"source":{"discovery":"EXTERNAL"},"title":"OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CVE Program Container","references":[{"tags":["technical-description","third-party-advisory","x_transferred"],"url":"https://takeonme.org/cves/CVE-2023-4504.html"},{"tags":["vendor-advisory","x_transferred"],"url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"},{"tags":["vendor-advisory","x_transferred"],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"},{"tags":["release-notes","x_transferred"],"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Sep/33"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T16:10:38.138Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T13:29:05.900883Z","id":"CVE-2023-4504","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-23T16:16:13.304Z"}}]}}