helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

cups-filters: patch CVE-2025-64503

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503

Pick the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-02-26 15:46:18 +01:00
parent f19f8995e2
commit c737d99e36
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
meta-oe/recipes-printing/cups/cups-filters.inc
View File

@ -13,6 +13,7 @@ SRC_URI = "http://openprinting.org/download/cups-filters/cups-filters-${PV}.tar.
file://CVE-2025-57812.patch \
file://CVE-2025-64524.patch \
file://CVE-2023-24805.patch \
file://CVE-2025-64503.patch \
"
inherit autotools-brokensep gettext pkgconfig

43
meta-oe/recipes-printing/cups/cups-filters/CVE-2025-64503.patch Normal file
View File

@ -0,0 +1,43 @@
From 019bb270f0a8a1db4761e580dc7bb636c1586555 Mon Sep 17 00:00:00 2001
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Mon, 10 Nov 2025 18:31:48 +0100
Subject: [PATCH] Fix out-of-bounds write in pdftoraster
PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated.
Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m
https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
Fixes CVE-2025-64503
CVE: CVE-2025-64503
Upstream-Status: Backport [https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
filter/pdftoraster.cxx | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/filter/pdftoraster.cxx b/filter/pdftoraster.cxx
index e8af184..e6fc573 100755
--- a/filter/pdftoraster.cxx
+++ b/filter/pdftoraster.cxx
@@ -1688,6 +1688,18 @@ static void outPage(poppler::document *doc, int pageNo,
header.PageSize[0] = (unsigned)l;
else
header.PageSize[1] = (unsigned)l;
+ /*
+ Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt
+ https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
+ */
+ if (header.PageSize[0] > 14400) {
+ fprintf(stderr, "ERROR: Page width is %dpt, too large, cropping to 14400pt\n", header.PageSize[0]);
+ header.PageSize[0] = 14400;
+ }
+ if (header.PageSize[1] > 14400) {
+ fprintf(stderr, "ERROR: Page height is %dpt, too large, cropping to 14400pt\n", header.PageSize[1]);
+ header.PageSize[1] = 14400;
+ }
memset(paperdimensions, 0, sizeof(paperdimensions));
memset(margins, 0, sizeof(margins));