CVE-2020-3898

Priority
Description
A heap-based buffer overflow was discovered in in libcups's
ppdFindOption() function in ppd-mark.c:430. The issue can be reproduced
by loading a crafted ppd file and calling the ppdMarkDefaults() libcups
API function.
Assigned-to
mdeslaur
Notes
sbeattieas of 2020-04-20, does not appear to have landed upstream
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.1.3-4ubuntu0.11)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.2.7-1ubuntu2.8)
Ubuntu 19.10 (Eoan Ermine):released (2.2.12-2ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa):released (2.3.1-9ubuntu1.1)
Ubuntu 20.10 (Groovy Gorilla):pending (2.3.1-9ubuntu1.1)
Patches:
Vendor:https://src.fedoraproject.org/rpms/cups/blob/master/f/cups-ppdopen-heap-overflow.patch
More Information

Updated: 2020-04-30 14:18:53 UTC (commit e246cb11a5ac9de47e9d2f6685c2313d5bd3cf2d)