CVE-2025-57812: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-57812 affects CUPS-Filters, a standards-based open-source printing system, and its library component libcupsfilters. The vulnerability was discovered in versions up to and including 1.28.17 of CUPS-Filters and versions 2.0.0 through 2.1.1 of libcupsfilters. The issue involves multiple TIFF-related vulnerabilities in the image processing components, including heap-buffer-overflow write in cfImageLut() and multiple out of bounds reads in _cfImageReadTIFF() (OSS Security).

The vulnerability stems from a mismatch in buffer allocation and processing in the TIFF image handling components. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the processing function is called with a size of pixels times 3. When specific inputs are provided, the bytes-per-pixel value can be set to 1, leading to out-of-bounds memory access. The vulnerability has been assigned a CVSS v3.1 score of 3.7 (Low) with the following metrics: AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N (GitHub Advisory).

The vulnerability can lead to heap buffer overflow and out-of-bounds memory access when processing TIFF files. This could potentially result in information disclosure and data integrity issues, though the impact is considered low due to the attack complexity and required conditions. The vulnerability requires an attacker to issue a print job with a specially crafted TIFF file and specific print job options (GitHub Advisory).

Patches have been released to address these vulnerabilities. The fixes are available in the libcupsfilters project through commit b69dfacec7f176281782e2f7ac44f04bf9633cfa and in cups-filters 1.x through multiple commits. Users are advised to upgrade to versions newer than 1.28.17 for CUPS-Filters and versions after 2.1.1 for libcupsfilters (OSS Security).