CVE-2025-57812: Out-of-bounds Read in Cups-filters

Severity: 3.7 LOW (NVD)
EPSS: 0.0% (top 95.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 12
Latest update: Nov 24

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libcupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out-of-bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.2 | Impact: 2.5

Affected Packages (7 packages)

NVD | openprinting/libcupsfilters | 2.0.0 | 2.1.1
Debian | openprinting/libcupsfilters | < 2.0.0-3+deb13u1 (+1 more)
Ubuntu | openprinting/libcupsfilters | < 2.0.0-0ubuntu7.2 (+1 more)
CVEListV5 | openprinting/libcupsfilters | cups-filters <= 1.28.17, libcupsfilters >= 2.0.0, < 2.1.1 (+1 more)

Patches

🔴 Vulnerability Details (5)

OSV | cups-filters vulnerabilities | 2025-11-24
OSV | libcupsfilters vulnerabilities | 2025-11-20
OSV | cups-filters vulnerabilities | 2025-11-20
CVEList | [BIGSLEEP-434612419] CUPS-Filters has heap-buffer-overflow write in `cfImageLut()` | 2025-11-12
OSV | CVE-2025-57812: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as | 2025-11-12

📋 Vendor Advisories (4)

Ubuntu | cups-filters vulnerabilities | 2025-11-20
Ubuntu | libcupsfilters vulnerabilities | 2025-11-20
Red Hat | cups: CUPS-Filters: Information disclosure and data corruption via crafted TIFF image file processing | 2025-11-12
Debian | CVE-2025-57812: cups-filters - CUPS is a standards-based, open-source printing system, and `libcupsfilters` con... | 2025