Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:8 relevant versions.
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.
cups to version 1.7.5-11+deb8u5 or higher.