Package: cups-filters / 1.28.17-7

Metadata

Package Version Patches format
cups-filters 1.28.17-7 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 Force set INITDIR in configure.ac instead of relying.patch | (download)

configure.ac | 35 2 + 33 - 0 !
1 file changed, 2 insertions(+), 33 deletions(-)

 
 force-set initdir in configure.ac instead of relying on 'test -d
 /etc/init.d', which fails on s390x
0002 qpdf needs at least c 17.patch | (download)

Makefile.am | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 
 qpdf needs at least c++17
0003 fix CVE 2023 24805.patch | (download)

backend/beh.c | 107 84 + 23 - 0 !
1 file changed, 84 insertions(+), 23 deletions(-)

 
 fix cve-2023-24805
0004 CVE 2024 47076.patch | (download)

cupsfilters/ipp.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 
---
0005 CVE 2024 47176.patch | (download)

configure.ac | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
 default browseremoteprotocols should not include "cups" protocol.


 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
0006 qpdf 12.patch | (download)

filter/pdf.cxx | 2 2 + 0 - 0 !
filter/pdftopdf/qpdf_pdftopdf_processor.cc | 18 9 + 9 - 0 !
filter/pdftopdf/qpdf_xobject.cc | 2 2 + 0 - 0 !
filter/rastertopdf.cpp | 4 3 + 1 - 0 !
4 files changed, 16 insertions(+), 10 deletions(-)

 
 fix build against qpdf 12
CVE 2025 57812 1.patch | (download)

cupsfilters/image-tiff.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 [patch] fix heap-buffer overflow write in cfimagelut

1. fix for CVE-2025-57812
CVE 2025 57812 2.patch | (download)

cupsfilters/image-tiff.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 
 [patch] reject color images with 1 bit per sample

2. fix for CVE-2025-57812
CVE 2025 57812 3.patch | (download)

cupsfilters/image-tiff.c | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 
 [patch] reject images where the number of samples does not correspond
 with the color space

3. fix for CVE-2025-57812
CVE 2025 57812 4.patch | (download)

cupsfilters/image-tiff.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 
 [patch] reject images with planar color configuration

4. fix for CVE-2025-57812
CVE 2025 57812 5.patch | (download)

cupsfilters/image-tiff.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 
 [patch] reject images with vertical scanlines

5.  fix for CVE-2025-57812
CVE 2025 64503.patch | (download)

filter/pdftoraster.cxx | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 
 [patch] fix out-of-bounds write in pdftoraster

PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated.

Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m

https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372

Fixes CVE-2025-64503
CVE 2025 64524.patch | (download)

filter/rastertopclx.c | 25 23 + 2 - 0 !
1 file changed, 23 insertions(+), 2 deletions(-)

 
 [patch] rastertopclx.c: fix infinite loop caused by crafted file

Infinite loop happened because of crafted input raster file, which led
into heap buffer overflow of `CompressBuf` array.

Based on comments there should be always some `count` when compressing
the data, and processing of crafted file ended with offset and count
being 0.

Fixes CVE-2025-64524