CVE-2025-64503
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: GitHub, Inc.

Description
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-64503
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openprinting cups-filters 1.28.18
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Update cups-filters to version 1.28.18 or later, which contains the patch fixing the out-of-bounds write vulnerability caused by crafted PDF files with large MediaBox values.


How can this vulnerability impact me? :

The vulnerability can cause an out-of-bounds write in the pdftoraster tool of cups-filters, which may lead to a denial of service or potentially allow an attacker to execute arbitrary code or corrupt memory. The CVSS score indicates a low to medium impact with no confidentiality or integrity loss but with availability impact.


Can you explain this vulnerability to me?

This vulnerability exists in cups-filters prior to version 1.28.18, specifically in the pdftoraster tool. An attacker can craft a PDF file with a very large MediaBox width value, which causes an integer overflow during the calculation of bytesPerLine. This overflow results in allocating a buffer smaller than needed. Subsequently, when the program writes pixel data, it writes beyond the allocated buffer size, causing an out-of-bounds write.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart