Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503
Pick the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../recipes-printing/cups/cups-filters.inc | 1 + .../cups/cups-filters/CVE-2025-64503.patch | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 meta-oe/recipes-printing/cups/cups-filters/CVE-2025-64503.patch diff --git a/meta-oe/recipes-printing/cups/cups-filters.inc b/meta-oe/recipes-printing/cups/cups-filters.inc index ddd6451ccc..401ca9a9e9 100644 --- a/meta-oe/recipes-printing/cups/cups-filters.inc +++ b/meta-oe/recipes-printing/cups/cups-filters.inc @@ -13,6 +13,7 @@ SRC_URI = "http://openprinting.org/download/cups-filters/cups-filters-${PV}.tar. file://CVE-2025-57812.patch \ file://CVE-2025-64524.patch \ file://CVE-2023-24805.patch \ + file://CVE-2025-64503.patch \ " inherit autotools-brokensep gettext pkgconfig diff --git a/meta-oe/recipes-printing/cups/cups-filters/CVE-2025-64503.patch b/meta-oe/recipes-printing/cups/cups-filters/CVE-2025-64503.patch new file mode 100644 index 0000000000..32ded99d92 --- /dev/null +++ b/meta-oe/recipes-printing/cups/cups-filters/CVE-2025-64503.patch 
@@ -0,0 +1,43 @@ +From 019bb270f0a8a1db4761e580dc7bb636c1586555 Mon Sep 17 00:00:00 2001 +From: Till Kamppeter <[email protected]> +Date: Mon, 10 Nov 2025 18:31:48 +0100 +Subject: [PATCH] Fix out-of-bounds write in pdftoraster + +PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated. + +Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m + +https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 + +Fixes CVE-2025-64503 + +CVE: CVE-2025-64503 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + filter/pdftoraster.cxx | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/filter/pdftoraster.cxx b/filter/pdftoraster.cxx +index e8af184..e6fc573 100755 +--- a/filter/pdftoraster.cxx ++++ b/filter/pdftoraster.cxx +@@ -1688,6 +1688,18 @@ static void outPage(poppler::document *doc, int pageNo, + header.PageSize[0] = (unsigned)l; + else + header.PageSize[1] = (unsigned)l; ++ /* ++ Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt ++ https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 ++ */ ++ if (header.PageSize[0] > 14400) { ++ fprintf(stderr, "ERROR: Page width is %dpt, too large, cropping to 14400pt\n", header.PageSize[0]); ++ header.PageSize[0] = 14400; ++ } ++ if (header.PageSize[1] > 14400) { ++ fprintf(stderr, "ERROR: Page height is %dpt, too large, cropping to 14400pt\n", header.PageSize[1]); ++ header.PageSize[1] = 14400; ++ } + + memset(paperdimensions, 0, sizeof(paperdimensions)); + memset(margins, 0, sizeof(margins));
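Review bot: In the pdftoraster.cxx hunk, both added fprintf calls print header.PageSize[0] and header.PageSize[1] with %d, while the context lines directly above assign those fields through an (unsigned) cast, so a value above INT_MAX may be logged as a negative number; %u matches the type. The 14400 limit is also applied only after the (unsigned)l conversion, so if l can fall outside the range of unsigned (its type is not visible in this context), the limit would be better checked against l before the cast. Since this is a backport, both points belong upstream rather than in a local deviation from commit 50d94ca0f2fa6177613c97c59791bde568631865.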
