Canon Small Office Multifunction Printers and Laser Printers Invalid Free Vulnerability Allowing Denial-of-Service or Arbitrary Code Execution

A vulnerability has been identified in certain Canon Small Office Multifunction Printers and Laser Printers, specifically in models sold in Japan, the US, and Europe. This vulnerability arises from an invalid free operation in the CPCA file deletion process, which can be exploited by an attacker on the same network segment. The exploitation may lead to the printer becoming unresponsive or allow for the execution of arbitrary code. The issue affects printers connected directly to the Internet without a router, creating a potential risk from remote attackers.

Impact

Exploitation of this vulnerability can cause the printer to become unresponsive or allow for the execution of arbitrary code on the device.

Remediation

Users are advised to update to the latest firmware version available for their printer model. Instructions for updating the firmware can be found on the Canon Support website. Additionally, it is recommended to connect the printer to a private network using a firewall or router to restrict Internet access.