CVE-2020-6923
Publication date 19 December 2024
Last updated 18 August 2025
Ubuntu priority
Description
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| hplip | 25.10 questing |
Not affected
|
| 25.04 plucky |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 3.20.3+dfsg0-2ubuntu0.1
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Notes
mdeslaur
hplip 3.20.9 replaces the vulnerable file (/protocol/discovery/mdns.c) with a completely different replacement based on avahi (/protocol/discovery/avahiDiscovery.c) as such, a minimal fix is unavailable from HP.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.7 · Medium
|
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7202-1
- HPLIP vulnerability
- 13 January 2025