SB2025012830 - Multiple vulnerabilities in Canon USA Office/Small Office Multifunction Printers and Laser Printers
Published: January 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2024-12647)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within CPCA font download processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2024-12648)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within TIFF data EXIF tag processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2024-12649)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within XPS data font processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://jvn.jp/en/vu/JVNVU93455283/index.html"
- https://jvn.jp/en/vu/JVNVU93455283/index.html</a></p><p><a
- https://psirt.canon/advisory-information/cp2025-001/"
- https://psirt.canon/advisory-information/cp2025-001/</a></p><p>
- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers</p><p><br></p><p><br></p>