SB2025040121 - Out-of-bounds write in Canon Printer Drivers
Published: April 1, 2025
Security Bulletin ID
SB2025040121
Severity
High
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2025-1268)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in EMF Recode processing. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://canon.jp/support/support-info/250328vulnerability-response
- https://psirt.canon/advisory-information/cp2025-003/
- https://www.canon-europe.com/support/product-security/
- https://www.usa.canon.com/about-us/to-our-customers/service-notice-vulnerability-remediation-for-certain-printer-drivers-for-production-printers-office-small-office-multifunction-printers-and-laser-printers
- https://jvn.jp/en/vu/JVNVU93701955/index.html