CVE-2024-12649
CRITICAL EPSS 63.8%
Published Jan 28, 20251y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Jan 28, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
63.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 44
| Vendor | Product | Version | Range |
|---|---|---|---|
| canon | mf455dw_firmware | * | ≤05.04 |
| canon | mf455dw | * | any |
| canon | mf453dw_firmware | * | ≤05.04 |
| canon | mf453dw | * | any |
| canon | mf452dw_firmware | * | ≤05.04 |
| canon | mf452dw | * | any |
| canon | mf451dw_firmware | * | ≤05.04 |
| canon | mf451dw | * | any |
| canon | mf465dw_firmware | * | ≤05.04 |
| canon | mf465dw | * | any |
| canon | mf462dw_firmware | * | ≤05.04 |
| canon | mf462dw | * | any |
| canon | mf656cdw_firmware | * | ≤05.04 |
| canon | mf656cdw | * | any |
| canon | mf654cdw_firmware | * | ≤05.04 |
| canon | mf654cdw | * | any |
| canon | mf653cdw_firmware | * | ≤05.04 |
| canon | mf653cdw | * | any |
| canon | mf652cw_firmware | * | ≤05.04 |
| canon | mf652cw | * | any |
| canon | mf1238_ii_firmware | * | ≤05.04 |
| canon | mf1238_ii | * | any |
| canon | mf1440_firmware | * | ≤05.04 |
| canon | mf1440 | * | any |
| canon | mf1643if_ii_firmware | * | ≤05.04 |
| canon | mf1643if_ii | * | any |
| canon | mf1643i_ii_firmware | * | ≤05.04 |
| canon | mf1643i_ii | * | any |
| canon | lbp237dw_firmware | * | ≤05.04 |
| canon | lbp237dw | * | any |
| canon | lbp236dw_firmware | * | ≤05.04 |
| canon | lbp236dw | * | any |
| canon | lbp247dw_firmware | * | ≤05.04 |
| canon | lbp247dw | * | any |
| canon | lbp246dw_firmware | * | ≤05.04 |
| canon | lbp246dw | * | any |
| canon | lbp633cdw_firmware | * | ≤05.04 |
| canon | lbp633cdw | * | any |
| canon | lbp632cdw_firmware | * | ≤05.04 |
| canon | lbp632cdw | * | any |
| canon | lbp1238_ii_firmware | * | ≤05.04 |
| canon | lbp1238_ii | * | any |
| canon | lbp1440_firmware | * | ≤05.04 |
| canon | lbp1440 | * | any |
References 4
- canon.jp https://canon.jp/support/support-info/250127vulnerability-response
- psirt.canon https://psirt.canon/advisory-information/cp2025-001/
- canon-europe.com https://www.canon-europe.com/support/product-security/#news
- usa.canon.com https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.