{"url":"http://public2.vulnerablecode.io/api/packages/101535?format=json","purl":"pkg:deb/debian/libcupsfilters@2.1.1-2?distro=trixie","type":"deb","namespace":"debian","name":"libcupsfilters","version":"2.1.1-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65614?format=json","vulnerability_id":"VCID-1zq1-98wu-q3dn","summary":"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47076","reference_id":"","reference_type":"","scores":[{"value":"0.75847","scoring_system":"epss","scoring_elements":"0.98928","published_at":"2026-06-09T12:55:00Z"},{"value":"0.75847","scoring_system":"epss","scoring_elements":"0.9893","published_at":"2026-06-07T12:55:00Z"},{"value":"0.75847","scoring_system":"epss","scoring_elements":"0.98931","published_at":"2026-06-06T12:55:00Z"},{"value":"0.75847","scoring_system":"epss","scoring_elements":"0.98929","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082821","reference_id":"1082821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082821"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082827","reference_id":"1082827","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314253","reference_id":"2314253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314253"},{"reference_url":"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I","reference_id":"Attacking-UNIX-systems-via-CUPS-Part-I","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"},{"reference_url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6","reference_id":"GHSA-7xfx-47qg-grp6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47","reference_id":"GHSA-p9rh-jxmq-gq47","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"},{"reference_url":"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8","reference_id":"GHSA-rj88-6mr5-rcw8","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5","reference_id":"GHSA-w63j-6g73-wmg5","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7346","reference_id":"RHSA-2024:7346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7461","reference_id":"RHSA-2024:7461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7462","reference_id":"RHSA-2024:7462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7463","reference_id":"RHSA-2024:7463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7503","reference_id":"RHSA-2024:7503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7504","reference_id":"RHSA-2024:7504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7506","reference_id":"RHSA-2024:7506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7551","reference_id":"RHSA-2024:7551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7553","reference_id":"RHSA-2024:7553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7623","reference_id":"RHSA-2024:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7623"},{"reference_url":"https://usn.ubuntu.com/7043-1/","reference_id":"USN-7043-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7043-1/"},{"reference_url":"https://usn.ubuntu.com/7043-4/","reference_id":"USN-7043-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7043-4/"},{"reference_url":"https://usn.ubuntu.com/7044-1/","reference_id":"USN-7044-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7044-1/"},{"reference_url":"https://www.cups.org","reference_id":"www.cups.org","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:59:05Z/"}],"url":"https://www.cups.org"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101536?format=json","purl":"pkg:deb/debian/libcupsfilters@2.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101537?format=json","purl":"pkg:deb/debian/libcupsfilters@2.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101535?format=json","purl":"pkg:deb/debian/libcupsfilters@2.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.1.1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-47076"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zq1-98wu-q3dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65617?format=json","vulnerability_id":"VCID-dx41-kx6b-dycz","summary":"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files.  While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3.  When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the `imagetoraster` filter or its C-function equivalent `cfFilterImageToRaster()` gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is `_cfImageReadTIFF() in libcupsfilters`. When this function is invoked as part of `cfFilterImageToRaster()`, the caller passes a look-up-table during whose processing the out of bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in `_cupsImageReadTIFF()`, which is called through `cupsImageOpen()` from the `imagetoraster` tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57812.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57812","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06794","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06787","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0793","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07911","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120703","reference_id":"1120703","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120703"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120704","reference_id":"1120704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414632","reference_id":"2414632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414632"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa","reference_id":"b69dfacec7f176281782e2f7ac44f04bf9633cfa","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4","reference_id":"GHSA-jpxg-qc2c-hgv4","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/blob/33421982e10f6a14bc0bab03b80c9cf4660e8d7d/cupsfilters/image-tiff.c#L32","reference_id":"image-tiff.c#L32","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/blob/33421982e10f6a14bc0bab03b80c9cf4660e8d7d/cupsfilters/image-tiff.c#L32"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/cupsfilters/image-tiff.c#L34","reference_id":"image-tiff.c#L34","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/cupsfilters/image-tiff.c#L34"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/filter/imagetoraster.c#L613","reference_id":"imagetoraster.c#L613","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/filter/imagetoraster.c#L613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"},{"reference_url":"https://usn.ubuntu.com/7877-1/","reference_id":"USN-7877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7877-1/"},{"reference_url":"https://usn.ubuntu.com/7878-1/","reference_id":"USN-7878-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7878-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101537?format=json","purl":"pkg:deb/debian/libcupsfilters@2.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101535?format=json","purl":"pkg:deb/debian/libcupsfilters@2.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.1.1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-57812"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx41-kx6b-dycz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65618?format=json","vulnerability_id":"VCID-p19w-sxpq-pygs","summary":"cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large.  Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out of bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64503.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64503","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10135","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10122","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10152","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14281","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14259","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120697","reference_id":"1120697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120697"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120698","reference_id":"1120698","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414705","reference_id":"2414705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414705"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865","reference_id":"50d94ca0f2fa6177613c97c59791bde568631865","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9","reference_id":"GHSA-893j-2wr2-wrh9","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620","reference_id":"pdftoraster.cxx#L1620","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790","reference_id":"pdftoraster.cxx#L1790","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880","reference_id":"pdftoraster.cxx#L1880","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"},{"reference_url":"https://usn.ubuntu.com/7877-1/","reference_id":"USN-7877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7877-1/"},{"reference_url":"https://usn.ubuntu.com/7878-1/","reference_id":"USN-7878-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7878-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101537?format=json","purl":"pkg:deb/debian/libcupsfilters@2.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101535?format=json","purl":"pkg:deb/debian/libcupsfilters@2.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.1.1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-64503"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p19w-sxpq-pygs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcupsfilters@2.1.1-2%3Fdistro=trixie"}