Out-of-Bounds Write Vulnerability in CUPS-Filter by OpenPrinting Affecting PDF Handling
CVE-2025-64503

4 MEDIUM

Key Information:

Vendor
CVE Published: 12 November 2025

What is CVE-2025-64503?

The CUPS-Filter software, essential for print service functionality on non-macOS operating systems, is susceptible to a flaw when processing specially crafted PDF files with an excessively large MediaBox width. The large width leads to an overflow that allows out-of-bounds writes to memory, potentially compromising system integrity. Specifically, the pdftoraster tool fails to allocate the correct buffer size, so data is written past the end of the buffer. The issue is patched in version 1.28.18 of the CUPS-Filter software.

Affected Version(s)

cups-filters cups-filters < 1.28.18

cups-filters libcupsfilters >= 2.0.0, < 2.1.2

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
