CVE-2025-64503
published 2025-11-12CVE-2025-64503: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In…
PriorityP413low3.3CVSS 3.1
AVLACLPRNUIRSUCNINAL
EPSS
0.18%
7.9th percentile
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups-filters | < cups-filters 1.28.17-3+deb12u2 (bookworm) | cups-filters 1.28.17-3+deb12u2 (bookworm) |
| debian | libcupsfilters | < cups-filters 1.28.17-3+deb12u2 (bookworm) | cups-filters 1.28.17-3+deb12u2 (bookworm) |
| linuxfoundation | cups-filters | >= 0 < 1.28.7-1+deb11u4 | 1.28.7-1+deb11u4 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3+deb12u2 | 1.28.17-3+deb12u2 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-6+deb13u1 | 1.28.17-6+deb13u1 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-7 | 1.28.17-7 |
| linuxfoundation | cups-filters | >= 0 < 1.28.15-0ubuntu1.5 | 1.28.15-0ubuntu1.5 |
| linuxfoundation | cups-filters | >= 0 < 2.0.0-0ubuntu4.1 | 2.0.0-0ubuntu4.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.04.1 | 2.0.1-0ubuntu3.25.04.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.10.1 | 2.0.1-0ubuntu3.25.10.1 |
| linuxfoundation | cups-filters | >= 0 < 1.8.3-2ubuntu3.5+esm3 | 1.8.3-2ubuntu3.5+esm3 |
| linuxfoundation | cups-filters | >= 0 < 1.20.2-0ubuntu3.3+esm2 | 1.20.2-0ubuntu3.3+esm2 |
| linuxfoundation | cups-filters | >= 0 < 1.27.4-1ubuntu0.4+esm1 | 1.27.4-1ubuntu0.4+esm1 |
| openprinting | cups-filters | < 1.28.18 | 1.28.18 |
| openprinting | cups-filters | — | — |
| openprinting | cups-filters | — | — |
| openprinting | libcupsfilters | >= 0 < 2.0.0-3+deb13u1 | 2.0.0-3+deb13u1 |
| openprinting | libcupsfilters | >= 0 < 2.1.1-2 | 2.1.1-2 |
| openprinting | libcupsfilters | >= 0 < 2.0.0-0ubuntu7.2 | 2.0.0-0ubuntu7.2 |
| openprinting | libcupsfilters | >= 0 < 2.1.1-0ubuntu3.1 | 2.1.1-0ubuntu3.1 |
| openprinting | libcupsfilters | >= 2.0.0 < 2.1.2 | 2.1.2 |
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
osv3.7LOW
vendor_debian4.0MEDIUM
vendor_redhat4.0MEDIUM
vendor_ubuntu3.7LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
cups-filters vulnerabilities
osv·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affec
OSV
libcupsfilters vulnerabilities
osv·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] libcupsfilters vulnerabilities
libcupsfilters vulnerabilities
It was discovered that libcupsfilters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-57812)
It was discovered that libcupsfilters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-64503)
OSV
cups-filters vulnerabilities
osv·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-64503)
It was discovered that cups-filters incorrectly handled certain
OSV
CVE-2025-64503: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
osv·2025-11-12·CVSS 3.3
CVE-2025-64503 [LOW] CVE-2025-64503: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-645
Ubuntu
libcupsfilters vulnerabilities
vendor_ubuntu·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] libcupsfilters vulnerabilities
Title: libcupsfilters vulnerabilities
Summary: Several security issues were fixed in libcupsfilters.
It was discovered that libcupsfilters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-57812)
It was discovered that libcupsfilters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
libcupsfilters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-64503)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cups: cups-filters: cups-filters: Out-of-bounds write via crafted PDF MediaBox
vendor_redhat·2025-11-12·CVSS 4.0
CVE-2025-64503 [MEDIUM] CWE-787 cups: cups-filters: cups-filters: Out-of-bounds write via crafted PDF MediaBox
cups: cups-filters: cups-filters: Out-of-bounds write via crafted PDF MediaBox
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outsi
Debian
CVE-2025-64503: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
vendor_debian·2025·CVSS 4.0
CVE-2025-64503 [MEDIUM] CVE-2025-64503: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790http://www.openwall.com/lists/oss-security/2025/11/12/2
2025-11-12
Published