CVE-2024-12649
high-risk
Published 2025-01-28
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the same network segment to make the affected product unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in the US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
Do I need to act?
EPSS: 0.31% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 9.8/10, Critical (attack vector NETWORK, LOW attack complexity)
Affected Products (20)
Mf455Dw Firmware
Mf453Dw Firmware
Mf452Dw Firmware
Mf451Dw Firmware
Mf465Dw Firmware
Mf462Dw Firmware
Mf656Cdw Firmware
Mf654Cdw Firmware
Mf653Cdw Firmware
Mf652Cw Firmware
Mf1238 Ii Firmware
Mf1440 Firmware
Mf1643If Ii Firmware
Mf1643I Ii Firmware
Lbp237Dw Firmware
Lbp236Dw Firmware
Lbp247Dw Firmware
Lbp246Dw Firmware
Lbp633Cdw Firmware
Lbp632Cdw Firmware
Affected Vendors
Canon
References (4)
Vendor Advisory: https://psirt.canon/advisory-information/cp2025-001/
Vendor Advisory: https://www.canon-europe.com/support/product-security/#news
Risk score: 53/100 (high-risk)
Severity: 32/34 · Critical
Exploitability: 1/34 · Minimal
Exposure: 20/34 · Moderate