{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2023 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-2228","title":"Title"},{"category":"description","text":"In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-2228","url":"https://www.suse.com/security/cve/CVE-2019-2228"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"}],"title":"SUSE CVE CVE-2019-2228","tracking":{"current_release_date":"2023-02-15T04:19:15Z","generator":{"date":"2023-02-15T04:19:15Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-2228","initial_release_date":"2023-02-15T04:19:15Z","revision_history":[{"date":"2023-02-15T04:19:15Z","number":"2","summary":"Current version"}],"status":"interim","version":"2"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"cups-2.3.3op2-4.2","product":{"name":"cups-2.3.3op2-4.2","product_id":"cups-2.3.3op2-4.2","product_identification_helper":{"cpe":"cpe:2.3:a:apple:cups:2.3.3op2:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"cups-client-2.3.3op2-4.2","product":{"name":"cups-client-2.3.3op2-4.2","product_id":"cups-client-2.3.3op2-4.2"}},{"category":"product_version","name":"cups-config-2.3.3op2-4.2","product":{"name":"cups-config-2.3.3op2-4.2","product_id":"cups-config-2.3.3op2-4.2"}},{"category":"product_version","name":"cups-ddk-2.3.3op2-4.2","product":{"name":"cups-ddk-2.3.3op2-4.2","product_id":"cups-ddk-2.3.3op2-4.2"}},{"category":"product_version","name":"cups-devel-2.3.3op2-4.2","product":{"name":"cups-devel-2.3.3op2-4.2","product_id":"cups-devel-2.3.3op2-4.2"}},{"category":"product_version","name":"cups-devel-32bit-2.3.3op2-4.2","product":{"name":"cups-devel-32bit-2.3.3op2-4.2","product_id":"cups-devel-32bit-2.3.3op2-4.2"}},{"category":"product_version","name":"libcups2-2.3.3op2-4.2","product":{"name":"libcups2-2.3.3op2-4.2","product_id":"libcups2-2.3.3op2-4.2"}},{"category":"product_version","name":"libcups2-32bit-2.3.3op2-4.2","product":{"name":"libcups2-32bit-2.3.3op2-4.2","product_id":"libcups2-32bit-2.3.3op2-4.2"}},{"category":"product_version","name":"libcupsimage2-2.3.3op2-4.2","product":{"name":"libcupsimage2-2.3.3op2-4.2","product_id":"libcupsimage2-2.3.3op2-4.2"}},{"category":"product_version","name":"libcupsimage2-32bit-2.3.3op2-4.2","product":{"name":"libcupsimage2-32bit-2.3.3op2-4.2","product_id":"libcupsimage2-32bit-2.3.3op2-4.2"}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cups-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-2.3.3op2-4.2"},"product_reference":"cups-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cups-client-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2"},"product_reference":"cups-client-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cups-config-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2"},"product_reference":"cups-config-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cups-ddk-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2"},"product_reference":"cups-ddk-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cups-devel-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2"},"product_reference":"cups-devel-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"cups-devel-32bit-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2"},"product_reference":"cups-devel-32bit-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libcups2-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2"},"product_reference":"libcups2-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libcups2-32bit-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2"},"product_reference":"libcups2-32bit-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libcupsimage2-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2"},"product_reference":"libcupsimage2-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libcupsimage2-32bit-2.3.3op2-4.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2"},"product_reference":"libcupsimage2-32bit-2.3.3op2-4.2","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2019-2228","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-2228"}],"notes":[{"category":"general","text":"In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196","title":"Vulnerability description"}],"product_status":{"fixed":["openSUSE Tumbleweed:cups-2.3.3op2-4.2","openSUSE Tumbleweed:cups-client-2.3.3op2-4.2","openSUSE Tumbleweed:cups-config-2.3.3op2-4.2","openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2"]},"references":[{"category":"external","summary":"CVE-2019-2228","url":"https://www.suse.com/security/cve/CVE-2019-2228"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:cups-2.3.3op2-4.2","openSUSE Tumbleweed:cups-client-2.3.3op2-4.2","openSUSE Tumbleweed:cups-config-2.3.3op2-4.2","openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Tumbleweed:cups-2.3.3op2-4.2","openSUSE Tumbleweed:cups-client-2.3.3op2-4.2","openSUSE Tumbleweed:cups-config-2.3.3op2-4.2","openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2","openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-2.3.3op2-4.2","openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2","openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2"]}],"threats":[{"category":"impact","date":"2019-12-07T05:12:16Z","details":"moderate"}],"title":"CVE-2019-2228"}]}