Canon Generic Plus Printer Drivers Buffer Overflow Vulnerability Allowing Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in several Canon Generic Plus printer drivers, including PCL6, UFR II, LIPS4, LIPSLX, PS, FAX, UFRII LT, and CARPS2. This vulnerability arises during EMF Recode processing when printing from a manipulated application, potentially leading to out-of-bounds memory access. Under certain conditions, the vulnerability could disrupt printing processes or allow unauthorized code execution, although such occurrences are believed to be rare.

Impact

Exploitation of this vulnerability could cause a buffer overflow, leading to out-of-bounds memory access. This could disrupt printing operations or allow for the execution of arbitrary code.

Remediation

Users are advised to update to the latest version of the affected printer drivers. For those using the uniFLOW SmartClient driver package, version 2025.1.2 is available as of April 4, 2025.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.