CVE-2024-12648

Description

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Canon Inc. / Color imageCLASS LBP632Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Color imageCLASS LBP633Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Color imageCLASS MF652Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Color imageCLASS MF653Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Color imageCLASS MF654Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Color imageCLASS MF656Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / i-SENSYS LBP631Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / i-SENSYS LBP633Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / i-SENSYS MF651Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / i-SENSYS MF655Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / i-SENSYS MF657Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Satera MF654Cdw05.04 and earlier – 05.04 and earlier
Canon Inc. / Satera MF656Cdw05.04 and earlier – 05.04 and earlier

Description

CVSS breakdown

Affected products

References