CVE-2025-64503

MEDIUM
中文标题:
(暂无数据)
英文标题:
[BIGSLEEP-434615384] cups-filters 1.x: out of bounds write in pdftoraster
CVSS分数: 4.0
发布时间: 2025-11-12 22:04:03
漏洞类型: (暂无数据)
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

(暂无数据)

英文描述:

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.

CWE类型:
CWE-787
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
OpenPrinting cups-filters cups-filters < 1.28.18 - - cpe:2.3:a:openprinting:cups-filters:cups-filters_<_1.28.18:*:*:*:*:*:*:*
OpenPrinting cups-filters libcupsfilters >= 2.0.0, < 2.1.2 - - cpe:2.3:a:openprinting:cups-filters:libcupsfilters_>=_2.0.0,_<_2.1.2:*:*:*:*:*:*:*
openprinting cups-filters * - - cpe:2.3:a:openprinting:cups-filters:*:*:*:*:*:*:*:*
openprinting libcupsfilters * - - cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9 x_refsource_CONFIRM
cve.org
访问
https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865 x_refsource_MISC
cve.org
访问
https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620 x_refsource_MISC
cve.org
访问
https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880 x_refsource_MISC
cve.org
访问
https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790 x_refsource_MISC
cve.org
访问
af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov
访问
CVSS评分详情
3.1 (cna)
MEDIUM
4.0
CVSS向量: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
机密性
NONE
完整性
NONE
可用性
LOW
时间信息
发布时间:
2025-11-12 22:04:03
修改时间:
2025-11-13 16:56:18
创建时间:
2026-01-12 02:12:19
更新时间:
2026-01-21 06:00:18
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-64503 2025-11-15 03:17:46 2026-01-12 02:12:19
NVD nvd_CVE-2025-64503 2025-11-15 03:18:45 2026-01-12 02:28:01
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN
安全公告
暂无安全公告信息
变更历史
v3 NVD
2026-01-21 06:00:18
affected_products_count: 2 → 4
查看详细变更
  • affected_products_count: 2 -> 4
v2 NVD
2026-01-12 02:28:01
references_count: 5 → 6; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • references_count: 5 -> 6
  • data_sources: ['cve'] -> ['cve', 'nvd']