#VU61595 Out-of-bounds read in HP Development Company products - CVE-2022-24292

Vulnerability identifier: #VU61595

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-24292

CWE-ID: CWE-125

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
HP Color LaserJet Pro MFP M2XX
HP Color LaserJet Pro M453 - M454
HP Color LaserJet Pro MFP M478
HP Color LaserJet Pro MFP M479
HP LaserJet Pro M304
HP LaserJet Pro M305
HP LaserJet Pro M404
HP LaserJet Pro M405
HP LaserJet Pro MFP M428
HP LaserJet Pro MFP M429
HP LaserJet Pro MFP M429 F
HP PageWide 352dw Printer
HP PageWide 377dw Multifunction Printer
HP PageWide Managed P55250dw Printer series
HP PageWide Managed P57750dw Multifunction Printer
HP PageWide Pro 452dn Printer series
HP PageWide Pro 452dw Printer series
HP PageWide Pro 477dn Multifunction Printer series
HP PageWide Pro 477dw Multifunction Printer series
HP PageWide Pro 552dw Printer series
HP PageWide Pro 577 Multifunction Printer series
HP OfficeJet Pro 8210 Printer series
HP OfficeJet Pro 8216 Printer series
HP OfficeJet Pro 8730 All-in-One Printer
HP OfficeJet Pro 8740 All-in-One Printer series

Software vendor:
HP Development Company

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the PostScript interpreter. A remote attacker on the local network can trigger out-of-bounds read error and read contents of memory on the system.

Install updates from vendor's website.

• https://support.hp.com/us-en/document/ish_5950417-5950443-16
• https://www.zerodayinitiative.com/advisories/ZDI-22-535/