ГлавнаяУязвимости → CVE-2024-12648
9.8критическая

CVE-2024-12648

Описание

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Затрагиваемое ПО
Canon Mf455dw firmwareCanon Mf455dwCanon Mf453dw firmwareCanon Mf453dwCanon Mf452dw firmwareCanon Mf452dwCanon Mf451dw firmwareCanon Mf451dwCanon Mf465dw firmwareCanon Mf465dwCanon Mf462dw firmwareCanon Mf462dwCanon Mf656cdw firmwareCanon Mf656cdwCanon Mf654cdw firmwareCanon Mf654cdwCanon Mf653cdw firmwareCanon Mf653cdwCanon Mf652cw firmwareCanon Mf652cwCanon Mf1238 ii firmwareCanon Mf1238 iiCanon Mf1440 firmwareCanon Mf1440Canon Mf1643if ii firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://canon.jp/support/support-info/250127vulnerability-responsehttps://psirt.canon/advisory-information/cp2025-001/https://www.canon-europe.com/support/product-security/#newshttps://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers