LOW🇬🇧 English

CVE-2025-57812

CVSS 3.7v3.1pub. 2025-11-12upd. 2026-01-20

CUPS to standardowy open-source'owy system drukowania, a `libcupsfilters` zawiera kod filtrów z byłego pakietu `cups-filters` jako funkcje biblioteczne do zadań konwersji formatów danych w aplikacjach drukarki. W wersjach CUPS-Filters do wersji 1.28.17 włącznie i wersjach libcupsfilters 2.0.0 do 2.1.1 filter `imagetoraster` zawiera podatność out of bounds read/write przy przetwarzaniu plików obrazu TIFF. Bufor pikseli jest alokowany na podstawie liczby pikseli razy wstępnie obliczona wartość bajtów na piksel, ale funkcja przetwarzająca te piksele jest wywoływana z rozmiarem liczby pikseli razy 3. Przy odpowiednich danych wejściowych wartość bajtów na piksel może być ustawiona na 1, a bajty poza granicami bufora są przetwarzane. Aby wyzwolić błąd, atakujący musi wysłać zadanie drukowania ze spreparowanym plikiem TIFF i przek

Pokaż oryginał (EN)

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the `imagetoraster` filter or its C-function equivalent `cfFilterImageToRaster()` gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is `_cfImageReadTIFF() in libcupsfilters`. When this function is invoked as part of `cfFilterImageToRaster()`, the caller passes a look-up-table during whose processing the out of bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in `_cupsImageReadTIFF()`, which is called through `cupsImageOpen()` from the `imagetoraster` tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Openprinting Cups Filters

    APP
    Openprinting
    < 1.28.17
  • Openprinting Libcupsfilters

    APP
    Openprinting
    2.0.0 – 2.1.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-47076HIGH8.6ten sam produkt

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters ...

CVE-2025-64503MEDIUM4.0ten sam produkt

cups-filters contains backends, filters, and other software required to get the cups printing service working ...

CVE-2025-64524LOW3.3ten sam produkt

cups-filters zawiera komponenty backendów, filtry i inne oprogramowanie niezbędne do uruchomienia usługi druko...

CVE-2023-34095CRITICAL9.8ten sam vendor

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In v...

CVE-2025-58060HIGH8.0ten sam vendor

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...