CVE-2019-2180
cups - security update
5.5
MEDIUM
CVSS 3.1
EPSS 0.02%
Description
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.
How to fix CVE-2019-2180
To remediate CVE-2019-2180, upgrade the affected package to a fixed version below.
- —upgrade to 2.2.12-1 or later
- —upgrade to 1.7.5-11+deb8u5 or later
Is CVE-2019-2180 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.2.12-1
- from 0, < 1.7.5-11+deb8u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |