CVE-2025-57812: https://www.openwall.com/lists/oss-security/2025/11/12/1
CVE-2025-64503: https://www.openwall.com/lists/oss-security/2025/11/12/2

Source RPM: (none) => libcupsfilters-2.1.1-3.mga10.src.rpm, cups-filters-1.28.16-6.1.mga9.src.rpm
Status comment: (none) => Patches available from upstream
CVE: (none) => CVE-2025-57812, CVE-2025-64503
Whiteboard: (none) => MGA9TOO

From the excellent Openwall links:

CVE-2025-57812
--------------
The fixes are present in libcupsfilters project as commits:
https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f17628178

and in cups-filters 1.x (cups-filters project before split which happened in version 2.x, which moved library code into libcupsfilters):
[These 5 patches are indeed different, each for a given reason]
https://github.com/OpenPrinting/cups-filters/commit/5122052dd8f06949242099401c59f6c3b14e61c3 Reject images with vertical scanlines
https://github.com/OpenPrinting/cups-filters/commit/cb927006747b797aa9163cd0cbd41b9bbdf05db0 Reject images with planar color configuration
https://github.com/OpenPrinting/cups-filters/commit/719c557c9a29db32b855e6e108d7f4e7c5397613 Reject images where the number of samples does not correspond with the color space
https://github.com/OpenPrinting/cups-filters/commit/7bd588a1fc5c99ac0b1951beb1b54b438137a7b5 Reject color images with 1 bit per sample
https://github.com/OpenPrinting/cups-filters/commit/5e5f1c5d46a043c57cbbe6e043aa95896d9c40fa Fix heap-buffer overflow write in cfImageLut

CVE-2025-64503
--------------
The fix lies in libcupsfilters:
https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865

and in cups-filters 1.x (which contains libcupsfilters library before 2.x):
https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f

Assigning globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`. (CVE-2025-57812)
cups-filters 1.x: out of bounds write in pdftoraster. (CVE-2025-64503)

References:
https://www.openwall.com/lists/oss-security/2025/11/12/1
https://www.openwall.com/lists/oss-security/2025/11/12/2
========================

Updated packages in core/updates_testing:
========================
cups-filters-1.28.16-6.2.mga9
lib(64)cups-filters-devel-1.28.16-6.2.mga9
lib(64)cups-filters1-1.28.16-6.2.mga9

from SRPM:
cups-filters-1.28.16-6.2.mga9.src.rpm

Source RPM: libcupsfilters-2.1.1-3.mga10.src.rpm, cups-filters-1.28.16-6.1.mga9.src.rpm => cups-filters-1.28.16-6.1.mga9.src.rpm
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: pkg-bugs => qa-bugs
Status comment: Patches available from upstream => (none)
Status: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 server Plasma Wayland on Compaq H000SB. No installation issues. Wifi printer HP Envy 6022 in network. Removed the printer from MCC, pointed to localhost:631, logged in as root, and had the printer detected. Chose cupsfilter for the device and changed printer options. Seemed to work OK, checked in MCC, all OK.
CC: (none) => herman.viaene
MGA9-64 Plasma, i5-7500, nvidia Quadro k620 graphics, HP Color Laserjet M254dw printer, also cups-pdf virtual printer. No installation issues. Loaded a photo into Gwenview, printed it on the Laserjet, no issues. Printed a pdf to the desktop with cups-pdf, then loaded the result into Okular, printed it to the Laserjet, with no issues. Finally, used the print-to-file option to print yet another pdf of the photo, then loaded that into Okular, again with no issues. Looks good here, too. OKing and validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0304.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED