CVE-2019-2180
MEDIUM5.5EPSS 0.02%cups - security update
Published: 9/5/2019Modified: 4/28/2026
Also known as:DEBIAN-CVE-2019-2180
Description
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected packages (2)
- Debian/cupsfrom 0, < 2.2.12-1
- Debian/cupsfrom 0, < 1.7.5-11+deb8u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |