oss-sec mailing list archives
CVE-2025-57812 libcupsfilters, cups-filters 1.x: Multiple TIFF-related issues in libcupsfilters
From: Zdenek Dohnal <zdohnal () redhat com>
Date: Wed, 12 Nov 2025 14:46:48 +0100
Hi all,

we would like to announce CVE-2025-57812 which is fixed now in libcupsfilters and cups-filters 1.x project reported by big-sleep-vuln-reports. The vulnerability includes the following issues regarding TIFF processing in libcupsfilters:
- heap-buffer-overflow write in cfImageLut()
- heap-buffer-overflow in _cfImageReadTIFF()
- multiple out of bounds reads in _cfImageReadTIFF()'s scanline buffer

The CVE severity is Low (3.7/10) with following CVSS v3 base metrics - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
The fixes are present in libcupsfilters project as commits:

https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f17628178

and in cups-filters 1.x (cups-filters project before split which happened in version 2.x, which moved library code into libcupsfilters):
https://github.com/OpenPrinting/cups-filters/commit/5122052dd8f06949242099401c59f6c3b14e61c3
https://github.com/OpenPrinting/cups-filters/commit/cb927006747b797aa9163cd0cbd41b9bbdf05db0
https://github.com/OpenPrinting/cups-filters/commit/719c557c9a29db32b855e6e108d7f4e7c5397613
https://github.com/OpenPrinting/cups-filters/commit/7bd588a1fc5c99ac0b1951beb1b54b438137a7b5
https://github.com/OpenPrinting/cups-filters/commit/5e5f1c5d46a043c57cbbe6e043aa95896d9c40fa

Detailed information about the issues is in the published advisories:

https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-rc6w-jmvv-v7gx
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-fmvr-45mx-43c6

Have a nice day!

Zdenek Dohnal

--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
