Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503
Pick the patch that explicitly references the CVE ID in its message. (The NVD advisory mentions only the cups-filters patch, but the developer indicated the CVE ID in the libcupsfilters patch also.)

Between this recipe version and the patch the project has decided to eliminate c++ from the project, and use c only. The patch however is straightforward enough that it could be backported with very small modifications.

Signed-off-by: Gyorgy Sarvari <[email protected]>
--- .../cups/libcupsfilters/CVE-2025-64503.patch | 45 +++++++++++++++++++ .../cups/libcupsfilters_2.0.0.bb | 12 ++--- 2 files changed, 51 insertions(+), 6 deletions(-) create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch diff --git a/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch new file mode 100644 index 0000000000..fc49c6b1f2 --- /dev/null +++ b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch 
@@ -0,0 +1,45 @@ +From 7b5275f86f9011ac260409e7456bf21e05541bce Mon Sep 17 00:00:00 2001 +From: Till Kamppeter <[email protected]> +Date: Mon, 10 Nov 2025 21:10:56 +0100 +Subject: [PATCH] Fix out-of-bounds write in cfFilterPDFToRaster() + +PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated. + +Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m + +https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 + +Fixes CVE-2025-64503 + +CVE: CVE-2025-64503 +Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + cupsfilters/pdftoraster.cxx | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx +index f51c41f..075c206 100644 +--- a/cupsfilters/pdftoraster.cxx ++++ b/cupsfilters/pdftoraster.cxx +@@ -1609,6 +1609,20 @@ out_page(pdftoraster_doc_t *doc, + doc->header.cupsPageSize[0] = l; + else + doc->header.cupsPageSize[1] = l; ++ ++ // ++ // Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt ++ // https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 ++ // ++ if (doc->header.cupsPageSize[0] > 14400) { ++ fprintf(stderr, "ERROR: Page width is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[0]); ++ doc->header.cupsPageSize[0] = 14400; ++ } ++ if (doc->header.cupsPageSize[1] > 14400) { ++ fprintf(stderr, "ERROR: Page height is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[1]); ++ doc->header.cupsPageSize[1] = 14400; ++ } ++ + if (rotate == 90 || rotate == 270) + { + doc->header.cupsImagingBBox[0] = 
diff --git a/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb b/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb index 9178829611..7c4eee95c4 100644 --- a/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb +++ b/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb @@ -5,12 +5,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aab2024bd2a475438a154cd1640c9684" DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff" -SRC_URI = " \ - https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ - file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ - file://0001-CVE-2024-47076.patch \ - file://CVE-2025-57812.patch \ -" +SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ + file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ + file://0001-CVE-2024-47076.patch \ + file://CVE-2025-57812.patch \ + file://CVE-2025-64503.patch \ + " SRC_URI[sha256sum] = "542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601" inherit autotools gettext pkgconfig github-releases
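Review bot: In the block added to out_page() in cupsfilters/pdftoraster.cxx, the two `> 14400` comparisons bound doc->header.cupsPageSize[0] and [1] only from above, so a NaN or non-positive dimension would pass through unchanged because those comparisons evaluate to false for it. If nothing earlier in out_page() already rejects such values, consider a check that also covers them, for example testing `!(doc->header.cupsPageSize[0] <= 14400)` together with a lower bound. The hunk ends before the code that sizes the pixel line buffer, so it is worth confirming in the backported 2.0.0 source that every width, height and bytes-per-line value is derived from cupsPageSize after this point and not from the unclamped `l` or an earlier copy, since the limit is in points and the allocation also depends on resolution and pixel depth. A smaller point: both messages are prefixed "ERROR:" although processing continues with the cropped size, so a warning-level prefix would describe the outcome more accurately, though staying identical to upstream is a reasonable choice for a backport.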
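Review bot: In the libcupsfilters_2.0.0.bb hunk, the SRC_URI assignment is re-laid-out (the opening `SRC_URI = " \` line is merged with the tarball URL and every entry is re-indented), which turns a one-line functional change into 6 insertions and 6 deletions. Keeping the existing layout and adding only the `file://CVE-2025-64503.patch \` entry after `file://CVE-2025-57812.patch \` would make the change easier to audit and less likely to conflict with other CVE backports that touch the same list.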
