CVE-2024-12647

Medienbericht

EPSS 0.18%
Veröffentlicht 28.01.2025 01:15:08
Zuletzt bearbeitet 28.01.2025 01:15:08
Quelle f98c90f0-e9bd-4fa7-911b-51993f
Teams Watchlist Login
Unerledigt Login

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCanon Inc.

≫

Produkt Satera MF656Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Satera MF654Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS MF656Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS MF654Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS MF653Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS MF652Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS LBP633Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt Color imageCLASS LBP632Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt i-SENSYS MF657Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt i-SENSYS MF655Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt i-SENSYS MF651Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt i-SENSYS LBP633Cdw

Version 05.04 and earlier

Status affected

HerstellerCanon Inc.

≫

Produkt i-SENSYS LBP631Cdw

Version 05.04 and earlier

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f98c90f0-e9bd-4fa7-911b-51993f3571fd	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/Canon-Warnung-Druckertreiber-ermoeglichen-Codeschmuggel-10337001.html

Medienbericht

heise Security

https://canon.jp/support/support-info/250127vulnerability-response

https://psirt.canon/advisory-information/cp2025-001/

https://www.canon-europe.com/support/product-security/#news

https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

https://nvd.nist.gov/vuln/detail/CVE-2024-12647

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12647

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12647

EUVD