Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview

Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities.

Products Affected

A wide range of products and versions are affected.
For more information, refer to the “Vendor Status” section below.

Description

Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649).

Impact

A remote attacker may execute arbitrary code and/or cause a denial-of-service (DoS) condition.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the Workaround
Apply the following workarounds to prevent access from untrusted entities.

  • Use the product in an environment protected by a firewall, etc.
  • Use the product with a private IP address
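One way to check the private-address workaround across a printer fleet, as an added example that is not part of the advisory or any Canon tooling. The CSV inventory layout and device names are assumptions, and the sample addresses are constructed.

```python
import csv
import io
import ipaddress

# Private ranges: RFC 1918 (IPv4) and RFC 4193 unique local (IPv6).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Auto-configured link-local space: not routed, but not a deliberate assignment.
LOCAL_ONLY_NETS = [ipaddress.ip_network(n) for n in
                   ("169.254.0.0/16", "fe80::/10")]

# Constructed inventory. Names are hypothetical; 198.51.100.0/24 is a
# documentation range standing in for a publicly routable address.
SAMPLE_INVENTORY = """name,address
printer-floor1,192.168.10.25
printer-floor2,172.31.4.9
printer-lobby,198.51.100.20
printer-lab,fd12:3456:789a::15
printer-annex,172.32.0.7
printer-old,169.254.12.3
printer-typo,10.0.0.300
"""

def classify(address):
    """Return 'private', 'link-local', 'review' or 'invalid' for one address."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return "invalid"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if any(ip in net for net in LOCAL_ONLY_NETS):
        return "link-local"
    return "review"  # outside private space: confirm it sits behind a firewall

def audit(inventory_csv):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["address"]) for row in rows}

def needs_attention(inventory_csv):
    """Sorted names of devices without a deliberately assigned private address."""
    return sorted(n for n, c in audit(inventory_csv).items() if c != "private")

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{name:16} {verdict}")
```

A private address does not rule out exposure through port forwarding, so the firewall workaround still has to be verified separately.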

Credit

Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
