Fluid Attacks Database

Description

A flaw was found in cups-filters. This vulnerability allows a heap buffer overflow and memory corruption, potentially leading to arbitrary code execution or a Denial of Service, via an unvalidated length parameter in the CompressData function of the rastertopclx filter. This can be exploited by an attacker with permissions to install a printer with a PPD (PostScript Printer Description) file or remotely via the CUPS (Common Unix Printing System) web interface.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	cups-filters	=1.28.17-6 \|\| >=0 <1.28.17-7	1.28.17-7
debian 11	cups-filters	=1.28.7-1 \|\| =1.28.7-1+deb11u1 \|\| =1.28.7-1+deb11u2 \|\| =1.28.7-1+deb11u3 \|\| >=0 <1.28.7-1+deb11u4	1.28.7-1+deb11u4
debian 13	cups-filters	=1.28.17-6 \|\| >=0 <1.28.17-6+deb13u1	1.28.17-6+deb13u1
debian 12	cups-filters	=1.28.17-3 \|\| =1.28.17-3+deb12u1 \|\| >=0 <1.28.17-3+deb12u2	1.28.17-3+deb12u2
rpm rhel9	cups-filters	-	-
rpm rhel10	cups-filters	-	-
rpm rhel7	cups-filters	-	-
rpm rhel8	cups-filters	-	-

Aliases

1. CVE-2025-645242. NVD-2025-645243. OSV-DEBIAN-2025-645244. OSV-2025-645245. SECURITY-TRACKER-CVE-2025-64524

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.