PublicDateAtUSN: 2019-12-06 23:15:00 UTC
Candidate: CVE-2019-2228
PublicDate: 2019-12-06 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2228
 https://source.android.com/security/bulletin/2019-12-01
 https://android.googlesource.com/platform/external/libcups/+/5fb2ccdf3347f61b570c8e340f90db5cd28b29bc
 https://ubuntu.com/security/notices/USN-4340-1
Description:
 In array_find of array.c, there is a possible out-of-bounds read due to an
 incorrect bounds check. This could lead to local information disclosure in
 the printer spooler with no additional execution privileges needed. User
 interaction is not needed for exploitation.Product: AndroidVersions:
 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946782
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_cups:
 upstream: https://github.com/apple/cups/commit/b018978c278d42c7abf78941251b887c95dfdb07 (2.3.1)
 upstream: https://github.com/apple/cups/commit/8c9b3606cca99e5dfc51784a9de1634345db7579 (2.2.13)
upstream_cups: released (2.3.1-1)
precise/esm_cups: DNE
trusty_cups: ignored (out of standard support)
trusty/esm_cups: DNE
xenial_cups: released (2.1.3-4ubuntu0.11)
esm-infra/xenial_cups: released (2.1.3-4ubuntu0.11)
bionic_cups: released (2.2.7-1ubuntu2.8)
disco_cups: ignored (reached end-of-life)
eoan_cups: released (2.2.12-2ubuntu1.1)
focal_cups: not-affected (2.3.1-4)
devel_cups: not-affected (2.3.1-4)