Hi all,
we have CVE-2025-64524 in the cups-filters project regarding a heap buffer
overflow in rastertopclx, reported by frostb1ten.
Since the issue requires the user to have additional permissions to install
a printer with a PPD file calling the rastertopclx filter, and the filter is run
under the lp user, which does not have root permissions, the vulnerability is
Low with CVSS score 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
More details in the advisory:
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv
Commits with fixes in the project:
master:
https://github.com/OpenPrinting/cups-filters/commit/0fe46c511e81062575b05936f804eb18c9f0a011
1.x:
https://github.com/OpenPrinting/cups-filters/commit/b03866fd2e251a6d822a5e8c807c8d47b4d2dce2
Have a nice day!
Zdenek
--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC