Integer overflow in Canon U.S.A. products - CVE-2022-43974

 


Published: May 24, 2023 / Updated: May 24, 2023


Vulnerability identifier: #VU76473
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-43974
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
imageCLASS MF1127C
imageCLASS MF262DW II
imageCLASS MF264DW II
imageCLASS MF267DW II
imageCLASS MF269DW II
imageCLASS MF269DW VP II
imageCLASS MF272DW
imageCLASS MF273DW
imageCLASS MF275DW
imageCLASS MF641CW
imageCLASS MF642CDW
imageCLASS MF644CDW
imageCLASS MF741CDW
imageCLASS MF743CDW
imageCLASS MF745CDW
imageCLASS MF746CDW
imageCLASS LBP122DW
imageCLASS LBP1127C
imageCLASS LBP622CDW
imageCLASS LBP623CDW
imageCLASS LBP664CDW
imagePROGRAF TC-20
imagePROGRAF TC-20M
PIXMA G3270
PIXMA G4270
MAXIFY GX3020
MAXIFY GX4020
Software vendor:
Canon U.S.A.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
