CVE-2025-64503: CWE-787: Out-of-bounds Write in OpenPrinting cups-filters
cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s `pdftoraster` tool to write beyond the bounds of an array. First, a PDF with a large `MediaBox` width value causes `header.cupsWidth` to become large. Next, the calculation of `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a small value. Then, `lineBuf` is allocated with the small `bytesPerLine` size. Finally, `convertLineChunked` calls `writePixel8`, which attempts to write to `lineBuf` outside of its buffer size (out-of-bounds write). In libcupsfilters, the maintainers found the same `bytesPerLine` multiplication without an overflow check, but the provided test case does not cause an overflow there, because the values are different. Commit 50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is incorporated into cups-filters version 1.28.18.
AI Analysis
Technical Summary
The vulnerability CVE-2025-64503 is an out-of-bounds write in the cups-filters package, specifically in the `pdftoraster` tool used by the CUPS printing system on operating systems other than macOS. The root cause is an integer overflow in the calculation of `bytesPerLine` when processing a crafted PDF file with a large `MediaBox` width value. The `MediaBox` defines the printable area in a PDF, and an attacker can manipulate its width to an excessively large value. This causes the variable `header.cupsWidth` to become large, and the calculation `bytesPerLine = (header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows, resulting in a smaller-than-expected `bytesPerLine`. Consequently, the buffer `lineBuf` is allocated with insufficient size. Later, the function `convertLineChunked` calls `writePixel8`, which writes pixel data beyond the allocated buffer boundary, causing an out-of-bounds write. This can lead to memory corruption, crashes, or undefined behavior in the printing service. The vulnerability affects cups-filters versions prior to 1.28.18 and libcupsfilters versions from 2.0.0 up to 2.1.2. The maintainers patched the issue by adding proper overflow checks and correcting buffer allocation in commit 50d94ca0f2fa6177613c97c59791bde568631865, included in cups-filters 1.28.18. The CVSS v3.1 score is 4.0 (medium), reflecting local attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. No known exploits have been reported in the wild to date.
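The arithmetic behind the undersized allocation, next to a guarded version of the same formula, as an added example (not the project's code and not the patch from the commit above). It assumes 32-bit unsigned fields; the function names and the sample widths are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked form of the advisory's formula, in 32-bit unsigned arithmetic
 * (the field widths are an assumption of this example). */
static uint32_t bytes_per_line_unchecked(uint32_t bpp, uint32_t width)
{
    return (bpp * width + 7) / 8;          /* product wraps modulo 2^32 */
}

/* Reference value computed in 64 bits, where the product cannot wrap. */
static uint64_t bytes_per_line_wide(uint32_t bpp, uint32_t width)
{
    return ((uint64_t)bpp * width + 7) / 8;
}

/* Checked form: returns 0 and sets *out on success, returns -1 if
 * bpp * width + 7 does not fit in 32 bits. On -1 the caller must
 * reject the page instead of allocating a line buffer. */
static int bytes_per_line_checked(uint32_t bpp, uint32_t width, uint32_t *out)
{
    if (bpp != 0 && width > (UINT32_MAX - 7) / bpp)
        return -1;
    *out = (bpp * width + 7) / 8;
    return 0;
}

int main(void)
{
    /* Constructed sample values: an ordinary width and an oversized one. */
    const uint32_t bpp = 32;
    const uint32_t widths[] = { 2480u, 0x08000001u };

    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        uint32_t safe = 0;
        int rc = bytes_per_line_checked(bpp, widths[i], &safe);
        printf("width=%u unchecked=%u needed=%llu checked=%s\n",
               (unsigned)widths[i],
               (unsigned)bytes_per_line_unchecked(bpp, widths[i]),
               (unsigned long long)bytes_per_line_wide(bpp, widths[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the oversized width the unchecked result is a few bytes while the 64-bit reference is hundreds of megabytes; that gap is the mismatch between the size of `lineBuf` and the amount of pixel data later written into it.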
Potential Impact
For European organizations, this vulnerability primarily poses a risk to the availability and stability of printing services running on Linux or Unix systems using vulnerable cups-filters versions. Exploitation could allow an attacker with local access to submit a malicious PDF file that triggers a crash or denial-of-service in the printing pipeline, potentially disrupting business operations that rely on printing. While confidentiality and integrity impacts are not evident, the loss of printing availability can affect administrative, operational, and compliance workflows, especially in sectors like government, finance, healthcare, and manufacturing where printed documentation remains critical. Organizations with centralized print servers or shared network printers are particularly at risk, as a single exploit could impact multiple users. The lack of required privileges lowers the barrier for exploitation in multi-user environments. Although no remote exploitation is indicated, insider threats or compromised endpoints could leverage this flaw. The medium severity rating suggests moderate urgency but should not be ignored given the essential nature of printing services in many European enterprises.
Mitigation Recommendations
European organizations should immediately upgrade cups-filters to version 1.28.18 or later and libcupsfilters to 2.1.2 or later to apply the official patch that addresses the integer overflow and buffer allocation issues. Until upgrades can be performed, restrict local access to printing services and limit PDF submissions to trusted users to reduce exposure. Implement monitoring and alerting on printing service crashes or abnormal behavior that could indicate exploitation attempts. Employ application whitelisting or sandboxing for the pdftoraster tool to contain potential impacts. Review and harden print server configurations to minimize attack surface, including disabling unnecessary backends or filters. Conduct internal audits to identify systems running vulnerable versions and prioritize patching based on criticality. Educate users about submitting only trusted print jobs and consider network segmentation to isolate print servers from less trusted endpoints. Finally, maintain up-to-date backups of print server configurations and logs to facilitate recovery and forensic analysis if needed.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-05T19:12:25.104Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691509abe6b3e50d509f11cc
Added to database: 11/12/2025, 10:26:51 PM
Last enriched: 11/19/2025, 11:14:03 PM
Last updated: 12/28/2025, 2:49:08 AM