Canon Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability Allowing Denial-of-Service or Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the CPCA font download processing of certain Canon Small Office Multifunction Printers and Laser Printers. This vulnerability affects specific models and firmware versions, allowing an attacker on the same network segment to cause the printer to become unresponsive or to execute arbitrary code. The affected models include the Satera MF656Cdw and MF654Cdw (firmware v05.04 and earlier) sold in Japan, as well as several models in the Color imageCLASS and i-SENSYS series (also on firmware v05.04 and earlier) sold in the US and Europe.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the printer to become unresponsive, or allow for arbitrary code execution on the affected device.

Remediation

Users are advised to update their printers to the latest firmware version. Instructions for downloading the firmware update are available on the Canon Japan website. Additionally, it is recommended to connect the printer to a secure private network using a firewall or router, and to avoid direct internet connections.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.