CVE-2019-13171
CRITICALXerox Phaser 3320 V53.006.16.000 - Unauthenticated Stack-Based Buffer Overflow
Title source: llmDescription
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://security.business.xerox.com/
Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/
Scores
CVSS v3
9.8
EPSS
0.0281
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
xerox/phaser_3320_firmware
v53.006.16.000
Published
Mar 13, 2020
Tracked Since
Feb 18, 2026