CVE-2025-64524
published 2025-11-20CVE-2025-64524: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In…
PriorityP426medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
0.18%
7.9th percentile
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups-filters | < cups-filters 1.28.17-3+deb12u2 (bookworm) | cups-filters 1.28.17-3+deb12u2 (bookworm) |
| linuxfoundation | cups-filters | >= 0 < 1.28.7-1+deb11u4 | 1.28.7-1+deb11u4 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3+deb12u2 | 1.28.17-3+deb12u2 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-6+deb13u1 | 1.28.17-6+deb13u1 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-7 | 1.28.17-7 |
| linuxfoundation | cups-filters | >= 0 < 1.28.15-0ubuntu1.5 | 1.28.15-0ubuntu1.5 |
| linuxfoundation | cups-filters | >= 0 < 2.0.0-0ubuntu4.1 | 2.0.0-0ubuntu4.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.04.1 | 2.0.1-0ubuntu3.25.04.1 |
| linuxfoundation | cups-filters | >= 0 < 2.0.1-0ubuntu3.25.10.1 | 2.0.1-0ubuntu3.25.10.1 |
| linuxfoundation | cups-filters | >= 0 < 1.8.3-2ubuntu3.5+esm3 | 1.8.3-2ubuntu3.5+esm3 |
| linuxfoundation | cups-filters | >= 0 < 1.20.2-0ubuntu3.3+esm2 | 1.20.2-0ubuntu3.3+esm2 |
| linuxfoundation | cups-filters | >= 0 < 1.27.4-1ubuntu0.4+esm1 | 1.27.4-1ubuntu0.4+esm1 |
| openprinting | cups-filters | <= 2.0.1 | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM
vendor_ubuntu3.7LOW
vendor_debian3.3LOW
vendor_redhat3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: Several security issues were fixed in cups-filters.
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-645
Red Hat
cups-filters: cups-filters: Heap buffer overflow in rastertopclx filter may lead arbitrary code execution
vendor_redhat·2025-11-20·CVSS 3.3
CVE-2025-64524 [LOW] CWE-120 cups-filters: cups-filters: Heap buffer overflow in rastertopclx filter may lead arbitrary code execution
cups-filters: cups-filters: Heap buffer overflow in rastertopclx filter may lead arbitrary code execution
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.
A flaw was found in cups-filters. This vulnerability allows a heap buffer overflow and memory corruption, potentially leading to arbitrary code execution or a Denial of Service, via an unvalida
Debian
CVE-2025-64524: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
vendor_debian·2025·CVSS 3.3
CVE-2025-64524 [LOW] CVE-2025-64524: cups-filters - cups-filters contains backends, filters, and other software required to get the ...
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.
Scope: local
bookworm: resolved (fixed in 1.28.17-3+deb12u2)
bullseye: resolved (fixed in 1.28.7-1+deb11u4)
forky: resolved (fixed in 1.28.17-7)
sid: resolved (fixed in 1.28.17-7)
trixie: resolved (fixed in 1.28.17-6+deb13u1)
OSV
cups-filters vulnerabilities
osv·2025-11-24·CVSS 3.7
CVE-2025-64524 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affec
OSV
CVE-2025-64524: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
osv·2025-11-20·CVSS 5.5
CVE-2025-64524 [MEDIUM] CVE-2025-64524: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.
OSV
cups-filters vulnerabilities
osv·2025-11-20·CVSS 3.7
CVE-2025-57812 [LOW] cups-filters vulnerabilities
cups-filters vulnerabilities
It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)
It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-64503)
It was discovered that cups-filters incorrectly handled certain
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OpenPrinting/cups-filters/commit/956283c74a34ae924266a2a63f8e5f529a1abd06https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hvhttp://www.openwall.com/lists/oss-security/2025/11/20/1https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv
2025-11-20
Published