CVE-2025-57812
published 2025-11-12CVE-2025-57812: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library…
PriorityP417low3.7CVSS 3.1
AVAACHPRLUINSUCLILAN
EPSS
0.41%
33.0th percentile
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the `imagetoraster` filter or its C-function equivalent `cfFilterImageToRaster()` gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is `_cfImageReadTIFF() in libcupsfilters`. When this function is invoked as part of `cfFilterImageToRaster()`, the caller passes a look-up-table during whose processing the out of bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in `_cupsImageReadTIFF()`, which is called through `cupsImageOpen()` from the `imagetoraster` tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups-filters | < cups-filters 1.28.17-3+deb12u2 (bookworm) | cups-filters 1.28.17-3+deb12u2 (bookworm) |
| debian | libcupsfilters | < cups-filters 1.28.17-3+deb12u2 (bookworm) | cups-filters 1.28.17-3+deb12u2 (bookworm) |
| linuxfoundation | cups-filters | >= 0 < 1.28.7-1+deb11u4 | 1.28.7-1+deb11u4 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3+deb12u2 | 1.28.17-3+deb12u2 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-6+deb13u1 | 1.28.17-6+deb13u1 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-7 | 1.28.17-7 |
| linuxfoundation | cups-filters | >= 0 < 1.28.15-0ubuntu1.5 | 1.28.15-0ubuntu1.5 |
| linuxfoundation | cups-filters | >= 0 < 2.0.0-0ubuntu4.1 | 2.0.0-0ubuntu4.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.04.1 | 2.0.1-0ubuntu3.25.04.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.10.1 | 2.0.1-0ubuntu3.25.10.1 |
| linuxfoundation | cups-filters | >= 0 < 1.8.3-2ubuntu3.5+esm3 | 1.8.3-2ubuntu3.5+esm3 |
| linuxfoundation | cups-filters | >= 0 < 1.20.2-0ubuntu3.3+esm2 | 1.20.2-0ubuntu3.3+esm2 |
| linuxfoundation | cups-filters | >= 0 < 1.27.4-1ubuntu0.4+esm1 | 1.27.4-1ubuntu0.4+esm1 |
| openprinting | cups-filters | < 1.28.17 | 1.28.17 |
| openprinting | libcupsfilters | — | — |
| openprinting | libcupsfilters | — | — |
| openprinting | libcupsfilters | >= 0 < 2.0.0-3+deb13u1 | 2.0.0-3+deb13u1 |
| openprinting | libcupsfilters | >= 0 < 2.1.1-2 | 2.1.1-2 |
| openprinting | libcupsfilters | >= 0 < 2.0.0-0ubuntu7.2 | 2.0.0-0ubuntu7.2 |
| openprinting | libcupsfilters | >= 0 < 2.1.1-0ubuntu3.1 | 2.1.1-0ubuntu3.1 |
| openprinting | libcupsfilters | >= 2.0.0 < 2.1.1 | 2.1.1 |
CVSS provenance
nvdv3.13.7LOWCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
osv3.7LOW
vendor_debian3.7LOW
vendor_redhat3.7LOW
vendor_ubuntu3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-645
Ubuntu
libcupsfilters vulnerabilities
vendor_ubuntu·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] libcupsfilters vulnerabilities
Title: libcupsfilters vulnerabilities
Summary: Several security issues were fixed in libcupsfilters.
It was discovered that libcupsfilters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-57812)
It was discovered that libcupsfilters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-64503)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cups: CUPS-Filters: Information disclosure and data corruption via crafted TIFF image file processing
vendor_redhat·2025-11-12·CVSS 3.7
CVE-2025-57812 [LOW] CWE-787 cups: CUPS-Filters: Information disclosure and data corruption via crafted TIFF image file processing
cups: CUPS-Filters: Information disclosure and data corruption via crafted TIFF image file processing
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inpu
Debian
CVE-2025-57812: cups-filters - CUPS is a standards-based, open-source printing system, and `libcupsfilters` con...
vendor_debian·2025·CVSS 3.7
CVE-2025-57812 [LOW] CVE-2025-57812: cups-filters - CUPS is a standards-based, open-source printing system, and `libcupsfilters` con...
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get pro
OSV
cups-filters vulnerabilities
osv·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affec
OSV
libcupsfilters vulnerabilities
osv·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] libcupsfilters vulnerabilities
libcupsfilters vulnerabilities
It was discovered that libcupsfilters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-57812)
It was discovered that libcupsfilters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-64503)
OSV
cups-filters vulnerabilities
osv·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-64503)
It was discovered that cups-filters incorrectly handled certain
OSV
CVE-2025-57812: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as
osv·2025-11-12·CVSS 3.7
CVE-2025-57812 [LOW] CVE-2025-57812: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get pro
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/cupsfilters/image-tiff.c#L34https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/filter/imagetoraster.c#L613https://github.com/OpenPrinting/libcupsfilters/blob/33421982e10f6a14bc0bab03b80c9cf4660e8d7d/cupsfilters/image-tiff.c#L32https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfahttps://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4http://www.openwall.com/lists/oss-security/2025/11/12/1
2025-11-12
Published