cups: Multiple Vulnerabilities (CVE-2019-8842, CVE-2020-3898)

CVE-2020-3898: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c

A heap-based buffer overflow was discovered in in libcups's ppdFindOption() function in ppd-mark.c:430. The issue can be reproduced by loading a crafted ppd file and calling the ppdMarkDefaults() libcups API function.

Fixed In Version:

cups 2.3.3

Reference:

https://security-tracker.debian.org/tracker/CVE-2020-3898

Patch:

https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444

CVE-2019-8842: he `ippReadIO` function may under-read an extension field

Fixed In Version:

cups 2.3.3

Reference:

https://security-tracker.debian.org/tracker/CVE-2019-8842

Patch:

https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444

Affected branches:

Edited Dec 11, 2020 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

cups: Multiple Vulnerabilities (CVE-2019-8842, CVE-2020-3898)

CVE-2020-3898: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c

Fixed In Version:

Reference:

Patch:

CVE-2019-8842: he ippReadIO function may under-read an extension field

Fixed In Version:

Reference:

Patch:

Affected branches:

CVE-2019-8842: he `ippReadIO` function may under-read an extension field