CVE-2024-12649
Published: Jan 28, 2025
Modified: Jan 28, 2025
CVSS v3.1
9.8
Description
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
| Vendor | Product | Versions |
|---|---|---|
Canon Inc. | Satera MF656Cdw | affected 05.04 and earlier |
Canon Inc. | Satera MF654Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS MF656Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS MF654Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS MF653Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS MF652Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS LBP633Cdw | affected 05.04 and earlier |
Canon Inc. | Color imageCLASS LBP632Cdw | affected 05.04 and earlier |
Canon Inc. | i-SENSYS MF657Cdw | affected 05.04 and earlier |
Canon Inc. | i-SENSYS MF655Cdw | affected 05.04 and earlier |
Canon Inc. | i-SENSYS MF651Cdw | affected 05.04 and earlier |
Canon Inc. | i-SENSYS LBP633Cdw | affected 05.04 and earlier |
Canon Inc. | i-SENSYS LBP631Cdw | affected 05.04 and earlier |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now