Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-24673

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-28 Mar, 2023 | 00:00
Updated At-19 Feb, 2025 | 15:39
Rejected At-
Credits

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:28 Mar, 2023 | 00:00
Updated At:19 Feb, 2025 | 15:39
Rejected At:
▼CVE Numbering Authority (CNA)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Affected Products
Vendor
Canon Inc.Canon
Product
imageCLASS MF644Cdw
Versions
Affected
  • 10.02
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Angelboy (@scwuaptx) from DEVCORE Research Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-22-515/
N/A
https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow
N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-515/
Resource: N/A
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-22-515/
x_transferred
https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-515/
Resource:
x_transferred
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:28 Mar, 2023 | 19:15
Updated At:03 Apr, 2023 | 18:52

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Canon Inc.
canon
>>d1620_firmware>>-
cpe:2.3:o:canon:d1620_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1620>>-
cpe:2.3:h:canon:d1620:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1650_firmware>>-
cpe:2.3:o:canon:d1650_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1650>>-
cpe:2.3:h:canon:d1650:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1520_firmware>>-
cpe:2.3:o:canon:d1520_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1520>>-
cpe:2.3:h:canon:d1520:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1550_firmware>>-
cpe:2.3:o:canon:d1550_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>d1550>>-
cpe:2.3:h:canon:d1550:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1127c_firmware>>-
cpe:2.3:o:canon:mf1127c_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1127c>>-
cpe:2.3:h:canon:mf1127c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1238_firmware>>-
cpe:2.3:o:canon:mf1238_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1238>>-
cpe:2.3:h:canon:mf1238:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1238_ii_firmware>>-
cpe:2.3:o:canon:mf1238_ii_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1238_ii>>-
cpe:2.3:h:canon:mf1238_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1643i_ii_firmware>>-
cpe:2.3:o:canon:mf1643i_ii_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1643i_ii>>-
cpe:2.3:h:canon:mf1643i_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1643if_ii_firmware>>-
cpe:2.3:o:canon:mf1643if_ii_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1643if_ii>>-
cpe:2.3:h:canon:mf1643if_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf414dw_firmware>>-
cpe:2.3:o:canon:mf414dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf414dw>>-
cpe:2.3:h:canon:mf414dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf416dw_firmware>>-
cpe:2.3:o:canon:mf416dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf416dw>>-
cpe:2.3:h:canon:mf416dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf419dw_firmware>>-
cpe:2.3:o:canon:mf419dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf419dw>>-
cpe:2.3:h:canon:mf419dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf515dw_firmware>>-
cpe:2.3:o:canon:mf515dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf515dw>>-
cpe:2.3:h:canon:mf515dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf424dw_firmware>>-
cpe:2.3:o:canon:mf424dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf424dw>>-
cpe:2.3:h:canon:mf424dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf426dw_firmware>>-
cpe:2.3:o:canon:mf426dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf426dw>>-
cpe:2.3:h:canon:mf426dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf429dw_firmware>>-
cpe:2.3:o:canon:mf429dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf429dw>>-
cpe:2.3:h:canon:mf429dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf525dw_firmware>>-
cpe:2.3:o:canon:mf525dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf525dw>>-
cpe:2.3:h:canon:mf525dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf445dw_firmware>>-
cpe:2.3:o:canon:mf445dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf445dw>>-
cpe:2.3:h:canon:mf445dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf448dw_firmware>>-
cpe:2.3:o:canon:mf448dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf448dw>>-
cpe:2.3:h:canon:mf448dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf449dw_firmware>>-
cpe:2.3:o:canon:mf449dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf449dw>>-
cpe:2.3:h:canon:mf449dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf543dw_firmware>>-
cpe:2.3:o:canon:mf543dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf543dw>>-
cpe:2.3:h:canon:mf543dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf451dw_firmware>>-
cpe:2.3:o:canon:mf451dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf451dw>>-
cpe:2.3:h:canon:mf451dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf452dw_firmware>>-
cpe:2.3:o:canon:mf452dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf452dw>>-
cpe:2.3:h:canon:mf452dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf453dw_firmware>>-
cpe:2.3:o:canon:mf453dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf453dw>>-
cpe:2.3:h:canon:mf453dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf455dw_firmware>>-
cpe:2.3:o:canon:mf455dw_firmware:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf455dw>>-
cpe:2.3:h:canon:mf455dw:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondaryzdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflowzdi-disclosures@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-515/zdi-disclosures@trendmicro.com
Third Party Advisory
VDB Entry
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-515/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2444Records found
CVE-2019-5998
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-2184
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.01%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 00:26
Updated-28 Aug, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-Satera LBP660C Seriesi-SENSYS MF740C SeriesC1127i SeriesSatera LBP620C Seriesi-SENSYS MF750C SeriesColor imageCLASS MF640C Seriesi-SENSYS MF640C SeriesSatera MF740C Seriesi-SENSYS LBP673CdwC1333i SeriesColor imageCLASS MF740C Seriesi-SENSYS LBP620C SeriesColor imageCLASS LBP664CdwColor imageCLASS MF750C SeriesSatera MF640C SeriesColor imageCLASS X LBP1127CColor imageCLASS X MF1333CC1127PC1333PColor imageCLASS X MF1127CSatera LBP670C SeriesColor imageCLASS X LBP1333CColor imageCLASS LBP622Cdwi-SENSYS LBP660C SeriesColor imageCLASS LBP674CdwSatera MF750C Seriesc1127i_seriesi-sensys_mf750c_seriesc1333i_seriesi-sensys_mf640c_seriessatera_lbp670c_seriescolor_imageclass_lbp622cdwsatera_mf740c_seriescolor_imageclass_x_lbp1127ccolor_imageclass_mf750c_seriescolor_imageclass_mf640c_seriesc1127pcolor_imageclass_x_mf1333csatera_mf640c_seriesi-sensys_lbp660c_seriescolor_imageclass_x_lbp1333ci-sensys_lbp673cdwsatera_mf750c_seriescolor_imageclass_lbp664cdwsatera_lbp660c_seriessatera_lbp620c_seriesi-sensys_lbp620c_seriescolor_imageclass_mf740c_seriescolor_imageclass_x_mf1127ccolor_imageclass_lbp674cdwc1333pi-sensys_mf740c_series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0244
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.98%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:24
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwlbp1333c_firmwarelbp1333cmf755cdwi-sensys_mf754cdwmf1333c_firmwaremf751cdw_firmwarei-sensys_x_c1333ifmf755cdw_firmwaremf753cdwmf753cdw_firmwarei-sensys_x_c1333if_firmwaremf1333cColor imageCLASS MF750C SeriesC1333iFSatera MF750C Seriesi-SENSYS MF754CdwColor imageCLASS X MF1333C
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6234
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiColor imageCLASS LBP674CColor imageCLASS MF750C SeriesColor imageCLASS X MF1333C Seriesi-SENSYS MF750C Seriesi-SENSYS LBP673CdwC1333PSatera LBP670C SeriesColor imageCLASS X LBP1333CC1333i SeriesSatera MF750C Seriesmf750ci-sensys_lbp673cdwi-sensys_x_c1333plbp1333clbp674cmf1333c
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6232
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6229
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:20
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6233
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6230
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:21
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0853
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0852
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0856
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0854
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6231
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24672
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24674
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.06% / 20.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2146
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.86%
||
7 Day CHG~0.00%
Published-25 May, 2025 | 23:36
Updated-03 Jun, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-imageclass_mf653cdw_firmwareimagerunner_1643if_iiimageclass_mf656cdw_firmwarei-sensys_lbp233dw_firmwarei-sensys_mf453dwsatera_mf457dwi-sensys_mf655cdw_firmwarei-sensys_lbp233dwi-sensys_mf657cdw_firmwarei-sensys_x_1238pr_ii_firmwareimageclass_mf455dw_firmwarei-sensys_lbp631cdw_firmwareimageclass_mf451dw_firmwarei-sensys_mf651cdw_firmwarei-sensys_mf552dw_firmwareimageclass_mf452dw_firmwarei-sensys_mf455dw_firmwareimageclass_x_mf1643i_iiimageclass_mf455dwsatera_mf551dwi-sensys_x_1238p_iiimageclass_mf653cdwi-sensys_lbp236dw_firmwarei-sensys_mf455dwimageclass_x_lbp1238_iiimageclass_lbp632cdw_firmwaresatera_mf656cdw_firmwareimageclass_mf652cdw_firmwareimageclass_mf451dwimageclass_lbp236dwimageclass_mf452dwi-sensys_x_1238pr_iiimageclass_x_mf1643if_iii-sensys_lbp633cdw_firmwareimageclass_lbp237dw_firmwareimagerunner_1643if_ii_firmwarei-sensys_mf657cdwi-sensys_lbp236dwi-sensys_x_1238p_ii_firmwareimageclass_mf453dw_firmwarei-sensys_mf651cdwi-sensys_mf453dw_firmwarei-sensys_x_1238if_iii-sensys_lbp631cdwsatera_mf551dw_firmwareimageclass_x_mf1238_iisatera_mf654cdwimagerunner_1643i_iiimageclass_mf652cdwi-sensys_mf553dw_firmwareimageclass_mf656cdwi-sensys_lbp633cdwimagerunner_1643i_ii_firmwarei-sensys_x_1238i_ii_firmwareimageclass_x_mf1238_ii_firmwareimageclass_lbp237dwimageclass_x_mf1643i_ii_firmwareimageclass_mf654cdw_firmwareimageclass_mf654cdwi-sensys_mf553dwi-sensys_x_1238if_ii_firmwaresatera_mf654cdw_firmwarei-sensys_x_1238i_iiimageclass_mf453dwimageclass_lbp633cdwimageclass_x_lbp1238_ii_firmwareimageclass_lbp633cdw_firmwaresatera_mf656cdwimageclass_x_mf1643if_ii_firmwaresatera_mf457dw_firmwareimageclass_lbp236dw_firmwareimageclass_lbp632cdwi-sensys_mf655cdwi-sensys_mf552dwimageCLASS MF453dwSatera MF457dwimageCLASS MF455dwi-SENSYS MF655Cdwi-SENSYS MF455dwi-SENSYS X 1238P IIimageCLASS X MF1643i IIimageCLASS X MF1643iF IIi-SENSYS MF453dwColor imageCLASS MF656CdwimageCLASS X MF1238 IIi-SENSYS X 1238iF IIimageCLASS MF451dwColor imageCLASS MF654Cdwi-SENSYS MF651Cdwi-SENSYS MF553dwi-SENSYS MF552dwimageCLASS LBP237dwColor imageCLASS MF653CdwimageRUNNER 1643iF IIi-SENSYS LBP233dwColor imageCLASS LBP633Cdwi-SENSYS X 1238Pr IIColor imageCLASS MF652Cdwi-SENSYS X 1238i IIColor imageCLASS LBP632Cdwi-SENSYS LBP633CdwimageCLASS MF452dwi-SENSYS LBP236dwSatera MF551dwi-SENSYS MF657CdwSatera MF656CdwimageCLASS LBP236dwSatera MF654CdwimageCLASS X LBP1238 IIi-SENSYS LBP631CdwimageRUNNER 1643i II
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0855
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0851
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5999
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6000
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5994
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via SendObjectInfo command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-43608
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.62%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.

Action-Not Available
Vendor-Canon Inc.
Product-mf644cdw_firmwaremf644cdwimageCLASS MF644Cdw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-26508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.23%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 18:49
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

Action-Not Available
Vendor-n/aCanon Inc.
Product-oce_colorwave_3500_firmwareoce_colorwave_3500n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-9226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.65%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.

Action-Not Available
Vendor-oniguruma_projectn/aThe PHP Group
Product-onigurumaphpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.25%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.

Action-Not Available
Vendor-oniguruma_projectn/aThe PHP Group
Product-onigurumaphpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:52
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.05%
||
7 Day CHG+0.01%
Published-16 Jan, 2025 | 00:00
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-48.34% / 97.66%
||
7 Day CHG~0.00%
Published-12 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

Action-Not Available
Vendor-echatservern/a
Product-easy_chat_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5695
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-30 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.78%
||
7 Day CHG+0.01%
Published-16 Jan, 2025 | 00:00
Updated-19 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5701
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-03 Apr, 2025 | 00:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxfirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.09%
||
7 Day CHG+0.02%
Published-16 Jan, 2025 | 00:00
Updated-22 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.90% / 82.48%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-54808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.04%
||
7 Day CHG-0.06%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-44790
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.39% / 99.42%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 00:00
Updated-01 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Action-Not Available
Vendor-Fedora ProjectTenable, Inc.Oracle CorporationThe Apache Software FoundationApple Inc.Debian GNU/LinuxNetApp, Inc.
Product-communications_session_route_managerdebian_linuxfedoracommunications_element_managercommunications_session_report_managerhttp_servertenable.scmac_os_xzfs_storage_appliance_kitcommunications_operations_monitormacosinstantis_enterprisetrackcloud_backupApache HTTP Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-55194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.81%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 00:00
Updated-29 Jan, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

Action-Not Available
Vendor-openimageion/a
Product-openimageion/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46224
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-3.25% / 86.60%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.49%
||
7 Day CHG+0.01%
Published-31 Dec, 2021 | 23:53
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/athekelleys
Product-dnsmasqn/adnsmasq
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.49%
||
7 Day CHG+0.01%
Published-31 Dec, 2021 | 23:53
Updated-04 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/a
Product-dnsmasqn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 04:30
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

Action-Not Available
Vendor-freetypen/a
Product-freetypen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5608
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.48%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:54
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

Action-Not Available
Vendor-n/aFreeBSD FoundationNetApp, Inc.
Product-freebsdclustered_data_ontapFreeBSD
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-46259
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 82.44%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46220
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 82.44%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found