CVE-2025-14235
Description
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
CVSS Details
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Threat Intelligence
Weaknesses 1
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| canon | mf656cdw_firmware | * | ≤06.02 |
| canon | mf656cdw | * | any |
| canon | mf653cdw_firmware | * | ≤06.02 |
| canon | mf653cdw | * | any |
| canon | mf652cw_firmware | * | ≤06.02 |
| canon | mf652cdw | * | any |
| canon | mf1238_ii_firmware | * | ≤06.02 |
| canon | mf1238_ii | * | any |
| canon | mf1643if_ii_firmware | * | ≤06.02 |
| canon | mf1643if_ii | * | any |
| canon | mf1643i_ii_firmware | * | ≤06.02 |
| canon | mf1643i_ii | * | any |
| canon | lbp237dw_firmware | * | ≤06.02 |
| canon | lbp237dw | * | any |
| canon | lbp236dw_firmware | * | ≤06.02 |
| canon | lbp236dw | * | any |
| canon | lbp633cdw_firmware | * | ≤06.02 |
| canon | lbp633cdw | * | any |
| canon | lbp632cdw_firmware | * | ≤06.02 |
| canon | lbp632cdw | * | any |
| canon | lbp1238_ii_firmware | * | ≤06.02 |
| canon | lbp1238_ii | * | any |
| canon | mf455dw_firmware | * | ≤06.02 |
| canon | mf455dw | * | any |
| canon | mf453dw_firmware | * | ≤06.02 |
| canon | mf453dw | * | any |
| canon | mf452dw_firmware | * | ≤06.02 |
| canon | mf452dw | * | any |
| canon | mf451dw_firmware | * | ≤06.02 |
| canon | mf451dw | * | any |
| canon | mf654cdw_firmware | * | ≤06.02 |
| canon | mf654cdw | * | any |
References 4
- canon.jp https://canon.jp/support/support-info/260115vulnerability-response
- psirt.canon https://psirt.canon/advisory-information/cp2026-001/
- canon-europe.com https://www.canon-europe.com/support/product-security/
- usa.canon.com https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.