cbcvebase.
CVE-2025-64503
published 2025-11-12

CVE-2025-64503: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In…

PriorityP413low3.3CVSS 3.1
AVLACLPRNUIRSUCNINAL
EPSS
0.18%
7.9th percentile
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.

Affected

21 ranges
VendorProductVersion rangeFixed in
debiancups-filters< cups-filters 1.28.17-3+deb12u2 (bookworm)cups-filters 1.28.17-3+deb12u2 (bookworm)
debianlibcupsfilters< cups-filters 1.28.17-3+deb12u2 (bookworm)cups-filters 1.28.17-3+deb12u2 (bookworm)
linuxfoundationcups-filters>= 0 < 1.28.7-1+deb11u41.28.7-1+deb11u4
linuxfoundationcups-filters>= 0 < 1.28.17-3+deb12u21.28.17-3+deb12u2
linuxfoundationcups-filters>= 0 < 1.28.17-6+deb13u11.28.17-6+deb13u1
linuxfoundationcups-filters>= 0 < 1.28.17-71.28.17-7
linuxfoundationcups-filters>= 0 < 1.28.15-0ubuntu1.51.28.15-0ubuntu1.5
linuxfoundationcups-filters>= 0 < 2.0.0-0ubuntu4.12.0.0-0ubuntu4.1
linuxfoundationcups-filters>= 0 < 2.0.1-0ubuntu3.25.04.12.0.1-0ubuntu3.25.04.1
linuxfoundationcups-filters>= 0 < 2.0.1-0ubuntu3.25.10.12.0.1-0ubuntu3.25.10.1
linuxfoundationcups-filters>= 0 < 1.8.3-2ubuntu3.5+esm31.8.3-2ubuntu3.5+esm3
linuxfoundationcups-filters>= 0 < 1.20.2-0ubuntu3.3+esm21.20.2-0ubuntu3.3+esm2
linuxfoundationcups-filters>= 0 < 1.27.4-1ubuntu0.4+esm11.27.4-1ubuntu0.4+esm1
openprintingcups-filters< 1.28.181.28.18
openprintingcups-filters
openprintingcups-filters
openprintinglibcupsfilters>= 0 < 2.0.0-3+deb13u12.0.0-3+deb13u1
openprintinglibcupsfilters>= 0 < 2.1.1-22.1.1-2
openprintinglibcupsfilters>= 0 < 2.0.0-0ubuntu7.22.0.0-0ubuntu7.2
openprintinglibcupsfilters>= 0 < 2.1.1-0ubuntu3.12.1.1-0ubuntu3.1
openprintinglibcupsfilters>= 2.0.0 < 2.1.22.1.2

CVSS provenance

nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
osv3.7LOW
vendor_debian4.0MEDIUM
vendor_redhat4.0MEDIUM
vendor_ubuntu3.7LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.