mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-02 13:59:59 +00:00
Code Issues Projects Releases Wiki Activity

libcupsfilters: patch CVE-2025-64503

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503

Pick the patch that explicitly refernces the CVE ID in its message.
(The NVD advisory mentions only the cups-filters patch, but
the developer indicated the CVE ID in the libcupsfilters patch also)

Between this recipe version and the patch the project has decided to
eliminate c++ from the project, and use c only. The patch however
is straightforward enough that it could be backported with very small
modifications.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-02-02 17:37:09 +01:00
committed by Khem Raj
parent 1a31d20cea
commit 5a74edf28b
2 changed files with 51 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch
+47
View File
@@ -0,0 +1,47 @@
From da9a7db3b9125c87b11c43b05354ca2eb21ed684 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 10 Nov 2025 21:10:56 +0100
Subject: [PATCH] Fix out-of-bounds write in cfFilterPDFToRaster()
From: Till Kamppeter <till.kamppeter@gmail.com>
PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated.
Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m
https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
Fixes CVE-2025-64503
CVE: CVE-2025-64503
Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
cupsfilters/pdftoraster.cxx | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx
index 0235b54..09583df 100644
--- a/cupsfilters/pdftoraster.cxx
+++ b/cupsfilters/pdftoraster.cxx
@@ -1606,6 +1606,20 @@ out_page(pdftoraster_doc_t *doc,
l = inputPageBox.height();
if (l < 0)
l = -l;
+
+ //
+ // Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt
+ // https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
+ //
+ if (doc->header.cupsPageSize[0] > 14400) {
+ fprintf(stderr, "ERROR: Page width is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[0]);
+ doc->header.cupsPageSize[0] = 14400;
+ }
+ if (doc->header.cupsPageSize[1] > 14400) {
+ fprintf(stderr, "ERROR: Page height is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[1]);
+ doc->header.cupsPageSize[1] = 14400;
+ }
+
if (rotate == 90 || rotate == 270)
doc->header.cupsPageSize[0] = l;
else
meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb
+3 -3
View File
@@ -5,10 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aab2024bd2a475438a154cd1640c9684"
DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff" DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff"
SRC_URI = " \ SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
" file://CVE-2025-64503.patch \
"
SRC_URI[sha256sum] = "6c303e36cfde05a6c88fb940c62b6a18e7cdbfb91f077733ebc98f104925ce36" SRC_URI[sha256sum] = "6c303e36cfde05a6c88fb940c62b6a18e7cdbfb91f077733ebc98f104925ce36"
inherit autotools gettext pkgconfig github-releases inherit autotools gettext pkgconfig github-releases