Main Vulnerability Database SB2025120406

SB2025120406 - SUSE update for cups

Published: December 4, 2025

Security Bulletin ID SB2025120406

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2025-58436)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling delays. A local user can send slow messages to cupsd with a delay of 1 byte per second, causing the daemon to consume excessive resources.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20254319-1/

Vulnerable Software

Basesystem Module: 15-SP6 - 15-SP7
Desktop Applications Module: 15-SP6 - 15-SP7
Development Tools Module: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP6 - SP7
SUSE Linux Enterprise Server 15: SP6 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
openSUSE Leap: 15.6
SUSE Linux Enterprise Micro: 5.2 - 5.5
SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4
libcupscgi1-32bit-debuginfo: before 2.2.7-150000.3.80.1
libcups2-32bit: before 2.2.7-150000.3.80.1
libcupsppdc1-32bit-debuginfo: before 2.2.7-150000.3.80.1
libcupsppdc1-32bit: before 2.2.7-150000.3.80.1
libcups2-32bit-debuginfo: before 2.2.7-150000.3.80.1
libcupsimage2-32bit-debuginfo: before 2.2.7-150000.3.80.1
libcupsmime1-32bit: before 2.2.7-150000.3.80.1
libcupscgi1-32bit: before 2.2.7-150000.3.80.1
cups-devel-32bit: before 2.2.7-150000.3.80.1
libcupsimage2-32bit: before 2.2.7-150000.3.80.1
libcupsmime1-32bit-debuginfo: before 2.2.7-150000.3.80.1
cups-ddk: before 2.2.7-150000.3.80.1
cups-debugsource: before 2.2.7-150000.3.80.1
libcupsppdc1-debuginfo: before 2.2.7-150000.3.80.1
cups-devel: before 2.2.7-150000.3.80.1
libcupsimage2-debuginfo: before 2.2.7-150000.3.80.1
libcupsppdc1: before 2.2.7-150000.3.80.1
libcupsmime1: before 2.2.7-150000.3.80.1
libcupsmime1-debuginfo: before 2.2.7-150000.3.80.1
libcups2-debuginfo: before 2.2.7-150000.3.80.1
libcupscgi1: before 2.2.7-150000.3.80.1
libcups2: before 2.2.7-150000.3.80.1
libcupsimage2: before 2.2.7-150000.3.80.1
cups-debuginfo: before 2.2.7-150000.3.80.1
cups-client: before 2.2.7-150000.3.80.1
cups-client-debuginfo: before 2.2.7-150000.3.80.1
libcupscgi1-debuginfo: before 2.2.7-150000.3.80.1
cups-ddk-debuginfo: before 2.2.7-150000.3.80.1
cups-config: before 2.2.7-150000.3.80.1
cups: before 2.2.7-150000.3.80.1