Hi all,

We have a moderate CVE-2025-64503 in the libcupsfilters and cups-filters 1.x projects, an out-of-bounds write in functions related to pdftoraster filtering, reported by big-sleep-vuln-reports.

The CVSS score is 4.0 with CVSS v3 base metrics CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

The fix lies in libcupsfilters:

https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865

and in cups-filters 1.x (which contains the libcupsfilters library before 2.x):

https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f

The detailed description of the vulnerability is available at

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9


Have a nice day,


Zdenek Dohnal

--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
