SB2024020633 - Multiple vulnerabilities in Canon Japan Small Office Multifunction Printers and Laser Printers
Published: February 6, 2024 Updated: June 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-6229)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA PDL Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2023-6230)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Address Book password process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2023-6231)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in WSD probe request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2023-6232)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Address Book username process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
5) Out-of-bounds write (CVE-ID: CVE-2023-6233)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in SLP attribute request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
6) Out-of-bounds write (CVE-ID: CVE-2023-6234)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA Color LUT Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds write (CVE-ID: CVE-2024-0244)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA PCFAX number process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://psirt.canon/advisory-information/cp2024-001/
- https://canon.jp/support/support-info/240205vulnerability-response
- https://jvn.jp/en/vu/JVNVU90033405/index.html
- https://www.zerodayinitiative.com/advisories/ZDI-24-089/
- https://www.zerodayinitiative.com/advisories/ZDI-24-090/
- https://www.zerodayinitiative.com/advisories/ZDI-24-091/
- https://www.zerodayinitiative.com/advisories/ZDI-24-092/
- https://www.zerodayinitiative.com/advisories/ZDI-24-093/
- https://www.zerodayinitiative.com/advisories/ZDI-24-094/
- https://www.zerodayinitiative.com/advisories/ZDI-24-562/
- https://www.zerodayinitiative.com/advisories/ZDI-24-095/