Message-ID: <12c38708-e5b8-4901-b0e2-b662bd8c3190@redhat.com>
Date: Wed, 12 Nov 2025 15:09:03 +0100
From: Zdenek Dohnal <zdohnal@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Red Hat Product Security <secalert@...hat.com>
Subject: CVE-2025-64503 libcupsfilters, cups-filters 1.x: out of bounds write
 in pdftoraster

Hi all,

we have a moderate CVE, CVE-2025-64503, in the libcupsfilters and
cups-filters 1.x projects: an out-of-bounds write in functions related
to pdftoraster filtering, reported by big-sleep-vuln-reports.

The CVSS score is 4.0 with CVSS v3 base 
metrics CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

The fix lies in libcupsfilters:

https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865

and in cups-filters 1.x (which contains libcupsfilters library before 2.x):

https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f

The detailed description of the vulnerability is present at

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9


Have a nice day,


Zdenek Dohnal

-- 
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
