oss-sec mailing list archives
CVE-2025-64503 libcupsfilters, cups-filters 1.x: out of bounds write in pdftoraster
From: Zdenek Dohnal <zdohnal () redhat com>
Date: Wed, 12 Nov 2025 15:09:03 +0100
Hi all,

we have a moderate CVE-2025-64503 in the libcupsfilters and cups-filters 1.x projects, about an out of bounds write in functions related to pdftoraster filtering, reported by big-sleep-vuln-reports.
The CVSS score is 4.0 with CVSS v3 base metrics CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
The fix lies in libcupsfilters:

https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865

and in cups-filters 1.x (which contains the libcupsfilters library before 2.x):

https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f

The detailed description of the vulnerability is present at:

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9

Have a nice day,

Zdenek Dohnal

--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
