Bug 34761 - cups-filters new security issue CVE-2025-64524
Summary: cups-filters new security issue CVE-2025-64524
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-11-21 16:56 CET by Nicolas Salguero
Modified: 2025-11-24 20:09 CET

See Also:
Source RPM: cups-filters-1.28.16-6.2.mga9.src.rpm
CVE: CVE-2025-64524
Status comment:


Nicolas Salguero 2025-11-21 16:56:43 CET

CVE: (none) => CVE-2025-64524
Status comment: (none) => Patches available from upstream
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => cups-filters-2.0.1-2.mga10.src.rpm, cups-filters-1.28.16-6.2.mga9.src.rpm

Comment 1 Nicolas Salguero 2025-11-21 17:08:46 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

CUPS rastertopclx Filter Vulnerable to Heap Buffer Overflow Leading to Potential Arbitrary Code Execution. (CVE-2025-64524)

References:
https://www.openwall.com/lists/oss-security/2025/11/20/1
========================

Updated packages in core/updates_testing:
========================
cups-filters-1.28.16-6.3.mga9
lib(64)cups-filters-devel-1.28.16-6.3.mga9
lib(64)cups-filters1-1.28.16-6.3.mga9

from SRPM:
cups-filters-1.28.16-6.3.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Status comment: Patches available from upstream => (none)
Whiteboard: MGA9TOO => (none)
Source RPM: cups-filters-2.0.1-2.mga10.src.rpm, cups-filters-1.28.16-6.2.mga9.src.rpm => cups-filters-1.28.16-6.2.mga9.src.rpm
Version: Cauldron => 9

Comment 2 Herman Viaene 2025-11-22 15:58:31 CET
MGA9-64 server Plasma Wayland on Compaq H000SB.
First deleted existing HP Envy 6022 AllinOne using MCC, then installed the updates, no issues there.
Then used MCC to add the printer again, no problem.
Checked scanner function with simplescan, works OK.
Waiting for someone with other hardware.

CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2025-11-24 15:56:58 CET
MGA9-64 Plasma. No installation issues.

Tested this time with my HP Color Laserjet M254dw and my HP Envy Photo 7858 all-in-one printer. The Laserjet is networked via Ethernet, and the 7858 via wifi.

I tried printing an image from Gwenview to the 7858 first. It printed perfectly, which surprised me because it had been months since I printed anything with it. I had expected the aftermarket ink cartridges to be all dried up, but it was as if I had used it yesterday.

Then I printed the same image with my Laserjet, again from Gwenview. It also printed perfectly, but again I was surprised because it was with a bit better quality than the 7858.

I scanned the Laserjet print with the 7858 using Xsane, and again it worked as expected.

Everything looks good here, giving this the OK and validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK

katnatek 2025-11-24 18:52:13 CET

Keywords: (none) => advisory

Comment 4 Mageia Robot 2025-11-24 20:09:25 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0312.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
