CVE-2019-2228
cups - security update
5.5
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196
How to fix CVE-2019-2228
To remediate CVE-2019-2228, upgrade the affected package to a fixed version below.
- —upgrade to 2.3.1-1 or later
- —upgrade to 1.7.5-11+deb8u7 or later
Is CVE-2019-2228 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.3.1-1
- from 0, < 1.7.5-11+deb8u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |