CVE-2024-12648
CRITICALCanon Small Office Multifunction Printers and Laser Printers < 05.04 - Out-of-bounds Write in TIFF EXIF Tag Processing
Title source: llmDescription
Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
https://psirt.canon/advisory-information/cp2025-001/
Vendor Advisory vendor-advisory
https://canon.jp/support/support-info/250127vulnerability-response
Vendor Advisory vendor-advisory
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
Vendor Advisory vendor-advisory
https://www.canon-europe.com/support/product-security/#news
Scores
CVSS v3
9.8
EPSS
0.0109
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (22)
canon/lbp1238_ii_firmware
< 05.04
canon/lbp1440_firmware
< 05.04
canon/lbp236dw_firmware
< 05.04
canon/lbp237dw_firmware
< 05.04
canon/lbp246dw_firmware
< 05.04
canon/lbp247dw_firmware
< 05.04
canon/lbp632cdw_firmware
< 05.04
canon/lbp633cdw_firmware
< 05.04
canon/mf1238_ii_firmware
< 05.04
canon/mf1440_firmware
< 05.04
... and 12 more
Published
Jan 28, 2025
Tracked Since
Feb 18, 2026