Canon Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability Allowing Arbitrary Code Execution or Denial-of-Service

A buffer overflow vulnerability has been identified in the print job processing via WSD on certain Canon Small Office Multifunction Printers and Laser Printers. This vulnerability may allow an attacker on the same network segment to cause the printer to become unresponsive or to execute arbitrary code. Affected models include the Satera LBP670C Series, Satera MF750C Series, Color imageCLASS LBP630C, Color imageCLASS MF650C Series, imageCLASS LBP230 Series, imageCLASS X LBP1238 II, imageCLASS MF450 Series, imageCLASS X MF1238 II, imageCLASS X MF1643i II, imageCLASS X MF1643iF II, i-SENSYS LBP630C Series, i-SENSYS MF650C Series, i-SENSYS LBP230 Series, 1238P II, 1238Pr II, i-SENSYS MF450 Series, i-SENSYS MF550 Series, 1238i II, 1238iF II, and imageRUNNER 1643i II and 1643iF II, all with firmware version 06.02 or earlier.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, allowing for arbitrary code execution or causing the printer to become unresponsive, effectively a Denial-of-Service condition.

Remediation

Users are advised to update to the latest firmware version and to connect the printer through a firewall or router to restrict network access. Detailed instructions for updating the firmware are available on the Canon support website.