CVE-2023-4504

HIGH

CUPS < 2.4.7 - Heap-based Buffer Overflow via PPD PostScript Document

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4504. PoCs published by djjohnson565.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2023-4504, a heap-based buffer overflow in CUPS v2.4.6. It includes both a vulnerable replication and a fixed version, demonstrating the exploit mechanics and mitigation.

Description

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.

Exploits (1)

nomisec WORKING POC 3 stars
by djjohnson565 · poc
https://github.com/djjohnson565/CUPS-Exploit

This repository contains a functional proof-of-concept for CVE-2023-4504, a heap-based buffer overflow in CUPS v2.4.6. It includes both a vulnerable replication and a fixed version, demonstrating the exploit mechanics and mitigation.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CUPS v2.4.6
No auth needed
Prerequisites: CUPS v2.4.6 installation · ability to send malformed input to the vulnerable function
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (11)

Core 11
Core References
Exploit technical-description third-party-advisory
https://takeonme.org/cves/CVE-2023-4504.html

Scores

CVSS v3 7.0
EPSS 0.0066
EPSS Percentile 46.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-122 CWE-787
Status published
Products (6)
debian/debian_linux 10.0
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
openprinting/cups < 2.4.7
openprinting/libppd 2.0 rc2
Published Sep 21, 2023
Tracked Since Feb 18, 2026