Unrated severityNVD Advisory· Published Sep 21, 2023· Updated Nov 4, 2025

OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow

CVE-2023-4504

Description

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Affected products

Openprinting/Cupsv5
Range: 0
OpenPrinting/libppdv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678hmitrevendor-advisory
github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6mitrevendor-advisory
takeonme.org/cves/CVE-2023-4504.htmlmitretechnical-descriptionthird-party-advisory
github.com/OpenPrinting/cups/releases/tag/v2.4.7mitrerelease-notes
lists.debian.org/debian-lts-announce/2023/09/msg00041.htmlmitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000