Canon Small Office Multifunction Printers and Laser Printers Buffer Overflow Vulnerability in XPS Font Parsing

Vulnerability

A buffer overflow vulnerability has been identified in the XPS font parsing process on certain Canon Small Office Multifunction Printers and Laser Printers. This vulnerability affects models in the Satera LBP670C Series, Satera MF750C Series, Color imageCLASS LBP630C, Color imageCLASS MF650C Series, imageCLASS LBP230 Series, imageCLASS X LBP1238 II, imageCLASS MF450 Series, imageCLASS X MF1238 II, imageCLASS X MF1643i II, imageCLASS X MF1643iF II, i-SENSYS LBP630C Series, i-SENSYS MF650C Series, i-SENSYS LBP230 Series, 1238P II, 1238Pr II, i-SENSYS MF450 Series, i-SENSYS MF550 Series, 1238i II, 1238iF II, imageRUNNER 1643i II, and imageRUNNER 1643iF II. All these models with firmware version 06.02 and earlier are vulnerable. When the affected product is connected directly to the Internet without a router, an attacker on the same network segment may exploit this vulnerability to cause the printer to become unresponsive or to execute arbitrary code.

Impact

According to Canon, exploiting this buffer overflow can allow arbitrary code execution or cause the printer to become unresponsive.

Remediation

Users are advised to update to the latest firmware version and to connect the printer through a firewall or a router, setting a private IP address. Instructions for updating the firmware are available on the Canon Support website.
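The following inventory triage is an added example, not Canon's tooling or part of the original advisory. It flags devices whose model name appears in the list above, whose firmware is 06.02 or earlier, or whose address is not a private one. The inventory records, host names, finding labels and the choice to treat only RFC 1918 IPv4 ranges as "private" are assumptions made for illustration.

```python
import ipaddress

# Model/series names copied from the advisory text. Assumption: the inventory
# records names the same way, so matching is exact after normalisation.
AFFECTED = {n.casefold() for n in (
    "Satera LBP670C Series", "Satera MF750C Series", "Color imageCLASS LBP630C",
    "Color imageCLASS MF650C Series", "imageCLASS LBP230 Series",
    "imageCLASS X LBP1238 II", "imageCLASS MF450 Series", "imageCLASS X MF1238 II",
    "imageCLASS X MF1643i II", "imageCLASS X MF1643iF II", "i-SENSYS LBP630C Series",
    "i-SENSYS MF650C Series", "i-SENSYS LBP230 Series", "1238P II", "1238Pr II",
    "i-SENSYS MF450 Series", "i-SENSYS MF550 Series", "1238i II", "1238iF II",
    "imageRUNNER 1643i II", "imageRUNNER 1643iF II")}
LAST_VULNERABLE_FW = (6, 2)  # "firmware version 06.02 and earlier"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_firmware(version):
    """'06.02' -> (6, 2); raises ValueError on anything non-numeric."""
    return tuple(int(p) for p in version.strip().lstrip("vV").split("."))

def triage(device):
    """Return the remediation findings for one inventory record."""
    findings = []
    if " ".join(device["model"].split()).casefold() not in AFFECTED:
        return findings  # model is not named in the advisory
    try:
        if parse_firmware(device["firmware"]) <= LAST_VULNERABLE_FW:
            findings.append("update-firmware")
    except ValueError:
        findings.append("firmware-unknown")  # cannot rule the device out
    addr = ipaddress.ip_address(device["ip"])
    if not any(addr in net for net in RFC1918):
        findings.append("not-on-private-ip")
    return findings

# Constructed sample inventory (documentation and private addresses only).
INVENTORY = [
    {"host": "prn-01", "model": "imageCLASS MF450 Series", "firmware": "06.02", "ip": "203.0.113.10"},
    {"host": "prn-02", "model": "i-SENSYS LBP230 Series", "firmware": "05.10", "ip": "192.168.10.20"},
    {"host": "prn-03", "model": "imageRUNNER 1643i II", "firmware": "06.03", "ip": "10.0.4.7"},
    {"host": "prn-04", "model": "Example Printer 9000", "firmware": "01.00", "ip": "203.0.113.11"},
]

def report(inventory):
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, findings in report(INVENTORY).items():
        print(host, findings or "no action from this advisory")
```

The advisory does not name the fixed firmware version, so the check only treats versions above 06.02 as outside the stated vulnerable range.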

Added: Jan 16, 2026, 1:04 AM
Updated: Jan 16, 2026, 1:04 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.