USN-6392-1: libppd vulnerability

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-4504.

Q: What is the severity of the vulnerability?

The severity of this vulnerability is high.

Q: How does this vulnerability manifest?

This vulnerability allows a remote attacker to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code.

Q: Which versions of libppd are affected by this vulnerability?

The libppd version 2:2.0~rc1-0ubuntu1.2 is affected by this vulnerability.

Q: How can I fix this vulnerability?

To fix this vulnerability, update libppd to version 2:2.0~rc1-0ubuntu1.2 or later.

Published Sep 20, 2023

Updated

It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Software

2 affected componentsFixes available

All of the following

ubuntu/libppd2<2:2.0~rc1-0ubuntu1.2

2:2.0~rc1-0ubuntu1.2

Ubuntu Ubuntu=23.04

Event History

Sep 20, 2023

Advisory Published

12:00 AM

Child vulnerabilities

Contains the following vulnerabilities.

CVE-2023-4504

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2023-4504.

What is the severity of the vulnerability?

The severity of this vulnerability is high.

How does this vulnerability manifest?

This vulnerability allows a remote attacker to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code.

Which versions of libppd are affected by this vulnerability?