CVE-2023-50735 - OpenCVE

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Lexmark

Published: 2024-02-28T02:37:26.310Z

Updated: 2024-02-28T02:37:26.310Z

Reserved: 2023-12-11T20:00:38.336Z

Link: CVE-2023-50735

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-28T03:15:07.357

Modified: 2024-02-28T14:06:45.783

Link: CVE-2023-50735

JSON object: View

Redhat Information

No data.

CWE

CWE-465

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50735", "assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853", "state": "PUBLISHED", "assignerShortName": "Lexmark", "dateReserved": "2023-12-11T20:00:38.336Z", "datePublished": "2024-02-28T02:37:26.310Z", "dateUpdated": "2024-02-28T02:37:26.310Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "various", "vendor": "Lexmark", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lexmark would like to thank the following people working with Trend Micro\u2019s Zero Day Initiative (ZDI) for bringing this issue to our attention: Rick de Jager of team PHPHooligans Carlo Meijer of team PHPHooligans Jonathan Jagt of team PHPHooligans"}], "datePublic": "2024-01-19T05:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.<br>"}], "value": "A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.\n"}], "impacts": [{"capecId": "CAPEC-456", "descriptions": [{"lang": "en", "value": "CAPEC-456 Infected Memory"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-465", "description": "CWE-465", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7bc73191-a2b6-4c63-9918-753964601853", "shortName": "Lexmark", "dateUpdated": "2024-02-28T02:37:26.310Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lexmark recommends a firmware update if your device has affected firmware.<br>"}], "value": "Lexmark recommends a firmware update if your device has affected firmware.\n"}], "source": {"discovery": "EXTERNAL"}, "title": "A vulnerability has been identified in the PostScript interpreter in various Lexmark devices.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}