An update for cups-filters is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2719 Final 1.0 1.0 2025-11-22 Initial 2025-11-22 2025-11-22 openEuler SA Tool V1.0 2025-11-22 cups-filters security update An update for cups-filters is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse Bonjour broadcasts of remote CUPS printers to make these printers available locally and to provide backward compatibility to the old CUPS broadcasting and browsing of CUPS 1.5.x and older. Security Fix(es): CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package. In CUPS-Filters versions up to and including 1.28.17 and libcupsfilters versions 2.0.0 through 2.1.1, the imagetoraster filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. An attacker must issue a print job with a crafted TIFF file and control the bytes-per-pixel value of the output format. The vulnerability exists in both CUPS-Filters 1.x and libcupsfilters 2.x. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.(CVE-2025-57812) cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.(CVE-2025-64503) An update for cups-filters is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium cups-filters https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2719 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-57812 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-64503 https://nvd.nist.gov/vuln/detail/CVE-2025-57812 https://nvd.nist.gov/vuln/detail/CVE-2025-64503 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 cups-filters-1.28.9-6.oe2203sp4.src.rpm cups-filters-1.28.15-5.oe2403.src.rpm cups-filters-1.28.15-5.oe2403sp1.src.rpm cups-filters-1.28.15-5.oe2403sp2.src.rpm cups-filters-1.26.1-7.oe2003sp4.src.rpm cups-filters-1.28.9-6.oe2203sp3.src.rpm cups-filters-1.28.9-6.oe2203sp4.x86_64.rpm cups-filters-debuginfo-1.28.9-6.oe2203sp4.x86_64.rpm cups-filters-debugsource-1.28.9-6.oe2203sp4.x86_64.rpm cups-filters-devel-1.28.9-6.oe2203sp4.x86_64.rpm cups-filters-1.28.15-5.oe2403.x86_64.rpm cups-filters-debuginfo-1.28.15-5.oe2403.x86_64.rpm cups-filters-debugsource-1.28.15-5.oe2403.x86_64.rpm cups-filters-devel-1.28.15-5.oe2403.x86_64.rpm cups-filters-1.28.15-5.oe2403sp1.x86_64.rpm cups-filters-debuginfo-1.28.15-5.oe2403sp1.x86_64.rpm cups-filters-debugsource-1.28.15-5.oe2403sp1.x86_64.rpm cups-filters-devel-1.28.15-5.oe2403sp1.x86_64.rpm cups-filters-1.28.15-5.oe2403sp2.x86_64.rpm cups-filters-debuginfo-1.28.15-5.oe2403sp2.x86_64.rpm cups-filters-debugsource-1.28.15-5.oe2403sp2.x86_64.rpm cups-filters-devel-1.28.15-5.oe2403sp2.x86_64.rpm cups-filters-1.26.1-7.oe2003sp4.x86_64.rpm cups-filters-debuginfo-1.26.1-7.oe2003sp4.x86_64.rpm cups-filters-debugsource-1.26.1-7.oe2003sp4.x86_64.rpm cups-filters-devel-1.26.1-7.oe2003sp4.x86_64.rpm cups-filters-1.28.9-6.oe2203sp3.x86_64.rpm cups-filters-debuginfo-1.28.9-6.oe2203sp3.x86_64.rpm cups-filters-debugsource-1.28.9-6.oe2203sp3.x86_64.rpm cups-filters-devel-1.28.9-6.oe2203sp3.x86_64.rpm cups-filters-help-1.28.9-6.oe2203sp4.noarch.rpm cups-filters-help-1.28.15-5.oe2403.noarch.rpm cups-filters-help-1.28.15-5.oe2403sp1.noarch.rpm cups-filters-help-1.28.15-5.oe2403sp2.noarch.rpm cups-filters-help-1.26.1-7.oe2003sp4.noarch.rpm cups-filters-help-1.28.9-6.oe2203sp3.noarch.rpm cups-filters-1.28.9-6.oe2203sp4.aarch64.rpm cups-filters-debuginfo-1.28.9-6.oe2203sp4.aarch64.rpm cups-filters-debugsource-1.28.9-6.oe2203sp4.aarch64.rpm cups-filters-devel-1.28.9-6.oe2203sp4.aarch64.rpm cups-filters-1.28.15-5.oe2403.aarch64.rpm cups-filters-debuginfo-1.28.15-5.oe2403.aarch64.rpm cups-filters-debugsource-1.28.15-5.oe2403.aarch64.rpm cups-filters-devel-1.28.15-5.oe2403.aarch64.rpm cups-filters-1.28.15-5.oe2403sp1.aarch64.rpm cups-filters-debuginfo-1.28.15-5.oe2403sp1.aarch64.rpm cups-filters-debugsource-1.28.15-5.oe2403sp1.aarch64.rpm cups-filters-devel-1.28.15-5.oe2403sp1.aarch64.rpm cups-filters-1.28.15-5.oe2403sp2.aarch64.rpm cups-filters-debuginfo-1.28.15-5.oe2403sp2.aarch64.rpm cups-filters-debugsource-1.28.15-5.oe2403sp2.aarch64.rpm cups-filters-devel-1.28.15-5.oe2403sp2.aarch64.rpm cups-filters-1.26.1-7.oe2003sp4.aarch64.rpm cups-filters-debuginfo-1.26.1-7.oe2003sp4.aarch64.rpm cups-filters-debugsource-1.26.1-7.oe2003sp4.aarch64.rpm cups-filters-devel-1.26.1-7.oe2003sp4.aarch64.rpm cups-filters-1.28.9-6.oe2203sp3.aarch64.rpm cups-filters-debuginfo-1.28.9-6.oe2203sp3.aarch64.rpm cups-filters-debugsource-1.28.9-6.oe2203sp3.aarch64.rpm cups-filters-devel-1.28.9-6.oe2203sp3.aarch64.rpm CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package. In CUPS-Filters versions up to and including 1.28.17 and libcupsfilters versions 2.0.0 through 2.1.1, the imagetoraster filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. An attacker must issue a print job with a crafted TIFF file and control the bytes-per-pixel value of the output format. The vulnerability exists in both CUPS-Filters 1.x and libcupsfilters 2.x. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa. 2025-11-22 CVE-2025-57812 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 Low 3.7 AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N cups-filters security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2719 cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18. 2025-11-22 CVE-2025-64503 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L cups-filters security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2719