SB2024020636 - Multiple vulnerabilities in Canon Europe Small Office Multifunction Printers and Laser Printers

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2023-6229)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA PDL Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

2) Out-of-bounds write (CVE-ID: CVE-2023-6230)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Address Book password process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

3) Out-of-bounds write (CVE-ID: CVE-2023-6231)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WSD probe request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

4) Out-of-bounds write (CVE-ID: CVE-2023-6232)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Address Book username process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

5) Out-of-bounds write (CVE-ID: CVE-2023-6233)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in SLP attribute request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

6) Out-of-bounds write (CVE-ID: CVE-2023-6234)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA Color LUT Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

7) Out-of-bounds write (CVE-ID: CVE-2024-0244)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA PCFAX number process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/vu/JVNVU90033405/index.html"
• https://jvn.jp/en/vu/JVNVU90033405/index.html</a></p><p><a
• https://psirt.canon/advisory-information/cp2024-001/"
• https://psirt.canon/advisory-information/cp2024-001/</a></p><p><a
• https://www.canon-europe.com/support/product-security-latest-news/"
• https://www.canon-europe.com/support/product-security-latest-news/</a></p><p>
• https://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126</p><p><br></p>