Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rcep-az2v-1yab

Summary cups-filters: cups-filters: Heap buffer overflow in rastertopclx filter may lead arbitrary code execution

Aliases

alias	CVE-2025-64524

Fixed_packages

url	pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u4?distro=trixie
purl	pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u4%3Fdistro=trixie

url	pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-3%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2
purl	pkg:deb/debian/cups-filters@1.28.17-3%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-3%252Bdeb12u2

url	pkg:deb/debian/cups-filters@1.28.17-6%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/cups-filters@1.28.17-6%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-6%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/cups-filters@1.28.17-7?distro=trixie
purl	pkg:deb/debian/cups-filters@1.28.17-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.17-7%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/cups-filters@1.0.18-2.1%2Bdeb7u2

purl pkg:deb/debian/cups-filters@1.0.18-2.1%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3317-h26p-43ef

vulnerability	VCID-39f1-22a5-c7aw

vulnerability	VCID-4bxg-5tnm-y3hw

vulnerability	VCID-581d-k9k6-rke4

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-843p-8xve-nfer

vulnerability	VCID-8vd7-dfbu-23d4

vulnerability	VCID-9dsn-96eh-bbh4

vulnerability	VCID-bgm5-bmfa-yugq

vulnerability	VCID-cne2-7ev5-abgv

vulnerability	VCID-dvvu-6p49-vbhz

vulnerability	VCID-ed99-uccv-d7bh

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-mcmb-bvw9-dba5

vulnerability	VCID-rcep-az2v-1yab

vulnerability	VCID-uz2u-k3vm-w3c2

vulnerability	VCID-vunm-ehd2-yugs

vulnerability	VCID-vzgv-8drt-8yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.18-2.1%252Bdeb7u2

url pkg:deb/debian/cups-filters@1.0.61-5

purl pkg:deb/debian/cups-filters@1.0.61-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3317-h26p-43ef

vulnerability	VCID-39f1-22a5-c7aw

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-9dsn-96eh-bbh4

vulnerability	VCID-ed99-uccv-d7bh

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-rcep-az2v-1yab

vulnerability	VCID-uz2u-k3vm-w3c2

vulnerability	VCID-vzgv-8drt-8yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.61-5

url pkg:deb/debian/cups-filters@1.0.61-5%2Bdeb8u3

purl pkg:deb/debian/cups-filters@1.0.61-5%2Bdeb8u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3317-h26p-43ef

vulnerability	VCID-39f1-22a5-c7aw

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-9dsn-96eh-bbh4

vulnerability	VCID-ed99-uccv-d7bh

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-rcep-az2v-1yab

vulnerability	VCID-uz2u-k3vm-w3c2

vulnerability	VCID-vzgv-8drt-8yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.0.61-5%252Bdeb8u3

url pkg:deb/debian/cups-filters@1.11.6-3%2Bdeb9u1

purl pkg:deb/debian/cups-filters@1.11.6-3%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-rcep-az2v-1yab

vulnerability	VCID-vzgv-8drt-8yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.11.6-3%252Bdeb9u1

url pkg:deb/debian/cups-filters@1.21.6-5

purl pkg:deb/debian/cups-filters@1.21.6-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-rcep-az2v-1yab

vulnerability	VCID-vzgv-8drt-8yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.21.6-5

url pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2

purl pkg:deb/debian/cups-filters@1.28.7-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6qd1-jvb8-jqak

vulnerability	VCID-7xq5-z572-xub3

vulnerability	VCID-f6n6-k5ye-3ugq

vulnerability	VCID-jvcy-2qyh-jqg4

vulnerability	VCID-rcep-az2v-1yab

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups-filters@1.28.7-1%252Bdeb11u2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64524.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64524.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64524

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06259
published_at	2026-04-21T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06351
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09791
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09865
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09873
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09837
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09821
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09703
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09841
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09742
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09813
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64524

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2414780
reference_id	2414780
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2414780

reference_url

https://github.com/OpenPrinting/cups-filters/commit/956283c74a34ae924266a2a63f8e5f529a1abd06

reference_id

956283c74a34ae924266a2a63f8e5f529a1abd06

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T16:06:45Z/

url

https://github.com/OpenPrinting/cups-filters/commit/956283c74a34ae924266a2a63f8e5f529a1abd06

reference_url

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv

reference_id

GHSA-rq44-2q5p-x3hv

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T16:06:45Z/

url

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv

reference_url	https://usn.ubuntu.com/7878-1/
reference_id	USN-7878-1
reference_type
scores
url	https://usn.ubuntu.com/7878-1/

reference_url	https://usn.ubuntu.com/7878-2/
reference_id	USN-7878-2
reference_type
scores
url	https://usn.ubuntu.com/7878-2/

Weaknesses

cwe_id	120
name	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
description	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

cwe_id	122
name	Heap-based Buffer Overflow
description	A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Exploits

Severity_range_score 3.3 - 6.4

Exploitability 0.5

Weighted_severity 5.8

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcep-az2v-1yab

Vulnerability Instance