CVE-2025-57812

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's imagetoraster filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the imagetoraster filter or its C-function equivalent cfFilterImageToRaster() gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is _cfImageReadTIFF() in libcupsfilters. When this function is invoked as part of cfFilterImageToRaster(), the caller passes a look-up-table during whose processing the out of bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in _cupsImageReadTIFF(), which is called through cupsImageOpen() from the imagetoraster tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.

Database specific

{
    "cwe_ids": [
        "CWE-125",
        "CWE-787"
    ]
}

References

Affected packages

Git / github.com/openprinting/cups-filters

Affected ranges

Type

GIT

Repo

https://github.com/openprinting/cups-filters

Events

Introduced

Last affected

deceb54f7c6935683732de936364eb82c0d32dbb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "cups-filters <= 1.28.17"
        }
    ]
}

Affected versions

1.*

1.28.0

1.28.1

1.28.10

1.28.11

1.28.12

1.28.13

1.28.14

1.28.15

1.28.16

1.28.17

1.28.2

1.28.3

1.28.4

1.28.5

1.28.6

1.28.7

1.28.8

1.28.9

Other

release-1-0

release-1-0-1

release-1-0-10

release-1-0-11

release-1-0-12

release-1-0-13

release-1-0-14

release-1-0-15

release-1-0-16

release-1-0-17

release-1-0-18

release-1-0-19

release-1-0-2

release-1-0-20

release-1-0-21

release-1-0-22

release-1-0-23

release-1-0-24

release-1-0-25

release-1-0-26

release-1-0-27

release-1-0-28

release-1-0-29

release-1-0-3

release-1-0-30

release-1-0-31

release-1-0-32

release-1-0-33

release-1-0-34

release-1-0-35

release-1-0-36

release-1-0-37

release-1-0-38

release-1-0-39

release-1-0-4

release-1-0-40

release-1-0-41

release-1-0-42

release-1-0-43

release-1-0-44

release-1-0-45

release-1-0-46

release-1-0-47

release-1-0-48

release-1-0-49

release-1-0-5

release-1-0-50

release-1-0-51

release-1-0-52

release-1-0-53

release-1-0-54

release-1-0-55

release-1-0-56

release-1-0-57

release-1-0-58

release-1-0-59

release-1-0-6

release-1-0-60

release-1-0-61

release-1-0-62

release-1-0-63

release-1-0-65

release-1-0-66

release-1-0-67

release-1-0-68

release-1-0-69

release-1-0-7

release-1-0-70

release-1-0-71

release-1-0-72

release-1-0-73

release-1-0-74

release-1-0-75

release-1-0-76

release-1-0-8

release-1-0-9

release-1-0-b1

release-1-1-0

release-1-10-0

release-1-11-0

release-1-11-1

release-1-11-2

release-1-11-3

release-1-11-4

release-1-11-5

release-1-11-6

release-1-12-0

release-1-13-0

release-1-13-1

release-1-13-2

release-1-13-3

release-1-13-4

release-1-13-5

release-1-14-0

release-1-14-1

release-1-15-0

release-1-16-0

release-1-16-1

release-1-16-2

release-1-16-3

release-1-16-4

release-1-17-1

release-1-17-2

release-1-17-3

release-1-17-4

release-1-17-5

release-1-17-6

release-1-17-7

release-1-17-8

release-1-17-9

release-1-18-0

release-1-19-0

release-1-2-0

release-1-20-0

release-1-20-1

release-1-20-2

release-1-20-3

release-1-20-4

release-1-21-0

release-1-21-1

release-1-21-2

release-1-21-3

release-1-21-4

release-1-21-5

release-1-21-6

release-1-22-0

release-1-22-1

release-1-22-2

release-1-22-3

release-1-22-4

release-1-22-5

release-1-22-6

release-1-23-0

release-1-24-0

release-1-25-0

release-1-25-1

release-1-25-10

release-1-25-11

release-1-25-12

release-1-25-13

release-1-25-2

release-1-25-3

release-1-25-4

release-1-25-5

release-1-25-6

release-1-25-7

release-1-25-8

release-1-25-9

release-1-26-0

release-1-26-1

release-1-26-2

release-1-27-0

release-1-27-1

release-1-27-2

release-1-27-3

release-1-27-4

release-1-27-5

release-1-3-0

release-1-4-0

release-1-5-0

release-1-6-0

release-1-7-0

release-1-8-0

release-1-8-1

release-1-8-2

release-1-8-3

release-1-9-0

release-1-17.*

release-1-17.0

v1.*

v1.17.9

Git / github.com/openprinting/libcupsfilters

Affected ranges

Type: GIT
Repo: https://github.com/openprinting/libcupsfilters
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b69dfacec7f176281782e2f7ac44f04bf9633cfa

Affected versions

2.*

2.0.0

2.0b1

2.0b2

2.0b3

2.0b4

2.0rc1

2.0rc2

2.1.0

2.1.1

2.1b1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 28354.0,
            "function_hash": "42061243208070445012433084390695591297"
        },
        "signature_version": "v1",
        "source": "https://github.com/openprinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa",
        "target": {
            "file": "cupsfilters/image-tiff.c",
            "function": "_cfImageReadTIFF"
        },
        "id": "CVE-2025-57812-4b514f94"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "144092593580005849854924672436864359879",
                "268467096553739066157191709429381230563",
                "73408120116374618912511194460729732022",
                "259688319932037534707326190093504878263",
                "278637253073213825274842409204617117298",
                "328876288284172116653315108458453719210",
                "284318475568752388442543439574439151862",
                "35793819940051320735723399004621636386",
                "276274438708956468648106533399562029955",
                "45298253840901734379500417749883328203",
                "303718138438959447101012788654697268729",
                "287523501029936878676155523795954706719",
                "295531895687332224484492994010739423243",
                "47766084698459693366748869305166719487",
                "234595296254816083432546770438148117004",
                "24016057993650718314721635921641132991",
                "332908557626701948156169608162874374485",
                "255283499068089034843772883205291415346",
                "11202868597098166405204363879487117969",
                "187934681950567824374783233702268724098"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/openprinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa",
        "target": {
            "file": "cupsfilters/image-tiff.c"
        },
        "id": "CVE-2025-57812-57828aab"
    }
]