Bug 2393078 (CVE-2025-58364)

Summary: CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gotiwari, mvyas, security-response-team, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the CUPS printing system’s ipp_read_io() function, which handles Internet Printing Protocol (IPP) requests. When processing specially crafted printer attribute responses, improper validation can cause a null pointer dereference. This leads to a crash in libcups, potentially disrupting printing services. Since CUPS is widely deployed on Linux systems for printer discovery and management, this issue can cause denial-of-service (DoS) across multiple machines on a local network.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2395194, 2395195    
Bug Blocks:    
Deadline: 2025-09-11   

Description OSIDB Bzimport 2025-09-04 09:57:45 UTC 
Null Pointer Dereference vulnerability in the ipp_read_io() function of the CUPS printing system. The flaw is caused by unsafe deserialization and improper validation of crafted printer attribute responses. When ippValidateAttributes() processes such responses, a null pointer dereference occurs, leading to application crash. This issue can be exploited remotely within the local subnet in default configurations, and in some cases over the network if IPP services are exposed. Exploitation requires no authentication or user interaction, allowing attackers to disrupt availability of printing services on affected systems.
Comment 1 errata-xmlrpc 2025-09-11 15:19:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:15701 https://access.redhat.com/errata/RHSA-2025:15701
Comment 2 errata-xmlrpc 2025-09-11 15:22:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:15700 https://access.redhat.com/errata/RHSA-2025:15700
Comment 3 errata-xmlrpc 2025-09-24 15:35:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:16590 https://access.redhat.com/errata/RHSA-2025:16590
Comment 4 errata-xmlrpc 2025-09-24 15:42:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:16591 https://access.redhat.com/errata/RHSA-2025:16591
Comment 5 errata-xmlrpc 2025-09-24 16:22:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:16592 https://access.redhat.com/errata/RHSA-2025:16592
Comment 10 errata-xmlrpc 2025-11-25 10:09:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:22063 https://access.redhat.com/errata/RHSA-2025:22063