SB2025012829 - Multiple vulnerabilities in Canon Europe Office/Small Office Multifunction Printers and Laser Printers
Published: January 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2024-12647)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within CPCA font download processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2024-12648)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within TIFF data EXIF tag processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2024-12649)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within XPS data font processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://jvn.jp/en/vu/JVNVU93455283/index.html
- https://psirt.canon/advisory-information/cp2025-001/
- https://www.canon-europe.com/support/product-security/#news
- https://jvn.jp/en/vu/JVNVU93455283/index.html"
- https://jvn.jp/en/vu/JVNVU93455283/index.html</a></p><p><a
- https://psirt.canon/advisory-information/cp2025-001/"
- https://psirt.canon/advisory-information/cp2025-001/</a></p><p>
- https://www.canon-europe.com/support/product-security/#news</p><p><br></p>