cups-filters: patch CVE-2025-57812

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57812 Backport the patch that is referenced by te nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2025-12-25 13:51:36 +01:00 · 2025-12-25 13:51:36 +01:00 · 16f6b4287c
commit 16f6b4287c
parent 4da4c6547c
2 changed files with 130 additions and 1 deletions
--- a/meta-oe/recipes-printing/cups/cups-filters.inc
+++ b/meta-oe/recipes-printing/cups/cups-filters.inc
@ -9,7 +9,9 @@ SECTION = "console/utils"
 DEPENDS = "cups glib-2.0 glib-2.0-native dbus dbus-glib lcms ghostscript poppler qpdf libpng"
 DEPENDS:class-native = "poppler-native glib-2.0-native dbus-native pkgconfig-native gettext-native libpng-native"

-SRC_URI = "http://openprinting.org/download/cups-filters/cups-filters-${PV}.tar.gz"
+SRC_URI = "http://openprinting.org/download/cups-filters/cups-filters-${PV}.tar.gz \
+           file://CVE-2025-57812.patch \
+           "

 inherit autotools-brokensep gettext pkgconfig

--- a/meta-oe/recipes-printing/cups/cups-filters/CVE-2025-57812.patch
+++ b/meta-oe/recipes-printing/cups/cups-filters/CVE-2025-57812.patch
@ -0,0 +1,127 @@
+From c21664d57ebecb2c6ed05b38b1c39995ab14e916 Mon Sep 17 00:00:00 2001
+From: zdohnal <zdohnal@redhat.com>
+Date: Mon, 10 Nov 2025 18:58:31 +0100
+Subject: [PATCH] Merge commit from fork
+
+* Fix heap-buffer overflow write in cfImageLut
+
+1. fix for CVE-2025-57812
+
+* Reject color images with 1 bit per sample
+
+2. fix for CVE-2025-57812
+
+* Reject images where the number of samples does not correspond with the color space
+
+3. fix for CVE-2025-57812
+
+* Reject images with planar color configuration
+
+4. fix for CVE-2025-57812
+
+* Reject images with vertical scanlines
+
+5.  fix for CVE-2025-57812
+
+---------
+
+Co-authored-by: Till Kamppeter <till.kamppeter@gmail.com>
+CVE: CVE-2025-57812
+Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ cupsfilters/image-tiff.c | 46 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 45 insertions(+), 1 deletion(-)
+
+diff --git a/cupsfilters/image-tiff.c b/cupsfilters/image-tiff.c
+index 4fd8756..b34c1ef 100644
+--- a/cupsfilters/image-tiff.c
+++ b/cupsfilters/image-tiff.c
+@@ -43,6 +43,7 @@ _cupsImageReadTIFF(
+   TIFF		*tif;			/* TIFF file */
+   uint32	width, height;		/* Size of image */
+   uint16	photometric,		/* Colorspace */
+		planar,			/* Color components in separate planes */
+ 		compression,		/* Type of compression */
+ 		orientation,		/* Orientation */
+ 		resunit,		/* Units for resolution */
+@@ -115,6 +116,15 @@ _cupsImageReadTIFF(
+     return (-1);
+   }
+ 
+  if (TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &planar) &&
+      planar == PLANARCONFIG_SEPARATE)
+  {
+    fputs("DEBUG: Images with planar color configuration are not supported!\n", stderr);
+    TIFFClose(tif);
+    fclose(fp);
+    return (1);
+  }
+
+   if (!TIFFGetField(tif, TIFFTAG_COMPRESSION, &compression))
+   {
+     fputs("DEBUG: No compression tag in the file!\n", stderr);
+@@ -129,6 +139,15 @@ _cupsImageReadTIFF(
+   if (!TIFFGetField(tif, TIFFTAG_BITSPERSAMPLE, &bits))
+     bits = 1;
+ 
+  if (bits == 1 && samples > 1)
+  {
+    fprintf(stderr, "ERROR: Color images with 1 bit per sample not supported! "
+                    "Samples per pixel: %d; Bits per sample: %d\n", samples, bits);
+    TIFFClose(tif);
+    fclose(fp);
+    return (1);
+  }
+
+  /*
+   * Get the image orientation...
+   */
+@@ -181,6 +200,23 @@ _cupsImageReadTIFF(
+   else
+     alpha = 0;
+ 
+  //
+  // Check whether number of samples per pixel corresponds with color space
+  //
+
+  if ((photometric == PHOTOMETRIC_RGB && (samples < 3 || samples > 4)) ||
+      (photometric == PHOTOMETRIC_SEPARATED && samples != 4))
+  {
+    fprintf(stderr, "DEBUG: Number of samples per pixel does not correspond to color space! "
+                    "Color space: %s; Samples per pixel: %d\n",
+                    (photometric == PHOTOMETRIC_RGB ? "RGB" :
+                     (photometric == PHOTOMETRIC_SEPARATED ? "CMYK" : "Unknown")),
+                    samples);
+    TIFFClose(tif);
+    fclose(fp);
+    return (1);
+  }
+
+  /*
+   * Check the size of the image...
+   */
+@@ -253,6 +289,14 @@ _cupsImageReadTIFF(
+         break;
+   }
+ 
+  if (orientation >= ORIENTATION_LEFTTOP)
+  {
+    fputs("ERROR: TIFF files with vertical scanlines are not supported!\n", stderr);
+    TIFFClose(tif);
+    fclose(fp);
+    return (-1);
+  }
+
+   switch (orientation)
+   {
+     case ORIENTATION_TOPRIGHT :
+@@ -1455,7 +1499,7 @@ _cupsImageReadTIFF(
+ 	      }
+ 
+ 	      if (lut)
+-	        cupsImageLut(out, img->xsize * 3, lut);
+	        cupsImageLut(out, img->xsize * bpp, lut);
+ 
+               _cupsImagePutRow(img, 0, y, img->xsize, out);
+             }