Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-0855

Summary
Assigner-Canon
Assigner Org ID-f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At-11 May, 2023 | 00:00
Updated At-10 Feb, 2025 | 20:58
Rejected At-
Credits

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Canon
Assigner Org ID:f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At:11 May, 2023 | 00:00
Updated At:10 Feb, 2025 | 20:58
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Affected Products
Vendor
Canon Inc.Canon Inc.
Product
Canon Office/Small Office Multifunction Printers and Laser Printers
Versions
Affected
  • Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.canon-europe.com/support/product-security-latest-news/
N/A
https://psirt.canon/advisory-information/cp2023-001/
N/A
https://canon.jp/support/support-info/230414vulnerability-response
N/A
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
N/A
Hyperlink: https://www.canon-europe.com/support/product-security-latest-news/
Resource: N/A
Hyperlink: https://psirt.canon/advisory-information/cp2023-001/
Resource: N/A
Hyperlink: https://canon.jp/support/support-info/230414vulnerability-response
Resource: N/A
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.canon-europe.com/support/product-security-latest-news/
x_transferred
https://psirt.canon/advisory-information/cp2023-001/
x_transferred
https://canon.jp/support/support-info/230414vulnerability-response
x_transferred
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
x_transferred
Hyperlink: https://www.canon-europe.com/support/product-security-latest-news/
Resource:
x_transferred
Hyperlink: https://psirt.canon/advisory-information/cp2023-001/
Resource:
x_transferred
Hyperlink: https://canon.jp/support/support-info/230414vulnerability-response
Resource:
x_transferred
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At:11 May, 2023 | 13:15
Updated At:07 Nov, 2023 | 04:01

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Canon Inc.
canon
>>mf642cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf642cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf642cdw>>-
cpe:2.3:h:canon:mf642cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf644cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf644cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf644cdw>>-
cpe:2.3:h:canon:mf644cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf741cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf741cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf741cdw>>-
cpe:2.3:h:canon:mf741cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf743cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf743cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf743cdw>>-
cpe:2.3:h:canon:mf743cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf745cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf745cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf745cdw>>-
cpe:2.3:h:canon:mf745cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp621c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp621c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp621c>>-
cpe:2.3:h:canon:lbp621c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp622c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp622c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp622c>>-
cpe:2.3:h:canon:lbp622c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp661c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp661c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp661c>>-
cpe:2.3:h:canon:lbp661c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp662c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp662c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp662c>>-
cpe:2.3:h:canon:lbp662c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp664c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp664c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp664c>>-
cpe:2.3:h:canon:lbp664c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1127c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf1127c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf1127c>>-
cpe:2.3:h:canon:mf1127c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf262dw_ii_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf262dw_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf262dw_ii>>-
cpe:2.3:h:canon:mf262dw_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf264dw_ii_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf264dw_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf264dw_ii>>-
cpe:2.3:h:canon:mf264dw_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf267dw_ii_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf267dw_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf267dw_ii>>-
cpe:2.3:h:canon:mf267dw_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf269dw_ii_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf269dw_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf269dw_ii>>-
cpe:2.3:h:canon:mf269dw_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf269dw_vp_ii_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf269dw_vp_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf269dw_vp_ii>>-
cpe:2.3:h:canon:mf269dw_vp_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf272dw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf272dw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf272dw>>-
cpe:2.3:h:canon:mf272dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf273dw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf273dw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf273dw>>-
cpe:2.3:h:canon:mf273dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf275dw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf275dw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf275dw>>-
cpe:2.3:h:canon:mf275dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf641cw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf641cw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf641cw>>-
cpe:2.3:h:canon:mf641cw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf746cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:mf746cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>mf746cdw>>-
cpe:2.3:h:canon:mf746cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp122dw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp122dw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp122dw>>-
cpe:2.3:h:canon:lbp122dw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp1127c_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp1127c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp1127c>>-
cpe:2.3:h:canon:lbp1127c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp622cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp622cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp622cdw>>-
cpe:2.3:h:canon:lbp622cdw:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp623cdw_firmware>>Versions up to 11.04(inclusive)
cpe:2.3:o:canon:lbp623cdw_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>lbp623cdw>>-
cpe:2.3:h:canon:lbp623cdw:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondaryf98c90f0-e9bd-4fa7-911b-51993f3571fd
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://canon.jp/support/support-info/230414vulnerability-responsef98c90f0-e9bd-4fa7-911b-51993f3571fd
N/A
https://psirt.canon/advisory-information/cp2023-001/f98c90f0-e9bd-4fa7-911b-51993f3571fd
N/A
https://www.canon-europe.com/support/product-security-latest-news/f98c90f0-e9bd-4fa7-911b-51993f3571fd
N/A
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflowf98c90f0-e9bd-4fa7-911b-51993f3571fd
N/A
Hyperlink: https://canon.jp/support/support-info/230414vulnerability-response
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A
Hyperlink: https://psirt.canon/advisory-information/cp2023-001/
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A
Hyperlink: https://www.canon-europe.com/support/product-security-latest-news/
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A
Hyperlink: https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2578Records found
CVE-2023-0856
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.42%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0851
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.42%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0853
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.13%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0854
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.13%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0852
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.42%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-2184
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 52.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2024 | 00:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-Satera LBP660C Seriesi-SENSYS MF740C SeriesC1127i SeriesSatera LBP620C Seriesi-SENSYS MF750C SeriesColor imageCLASS MF640C Seriesi-SENSYS MF640C SeriesSatera MF740C Seriesi-SENSYS LBP673CdwC1333i SeriesColor imageCLASS MF740C Seriesi-SENSYS LBP620C SeriesColor imageCLASS LBP664CdwColor imageCLASS MF750C SeriesSatera MF640C SeriesColor imageCLASS X LBP1127CColor imageCLASS X MF1333CC1127PC1333PColor imageCLASS X MF1127CSatera LBP670C SeriesColor imageCLASS X LBP1333CColor imageCLASS LBP622Cdwi-SENSYS LBP660C SeriesColor imageCLASS LBP674CdwSatera MF750C Seriesc1127i_seriesi-sensys_mf750c_seriesc1333i_seriesi-sensys_mf640c_seriessatera_lbp670c_seriescolor_imageclass_lbp622cdwsatera_mf740c_seriescolor_imageclass_x_lbp1127ccolor_imageclass_mf750c_seriescolor_imageclass_mf640c_seriesc1127pcolor_imageclass_x_mf1333csatera_mf640c_seriesi-sensys_lbp660c_seriescolor_imageclass_x_lbp1333ci-sensys_lbp673cdwsatera_mf750c_seriescolor_imageclass_lbp664cdwsatera_lbp660c_seriessatera_lbp620c_seriesi-sensys_lbp620c_seriescolor_imageclass_mf740c_seriescolor_imageclass_x_mf1127ccolor_imageclass_lbp674cdwc1333pi-sensys_mf740c_series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24673
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.63% / 83.51%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0244
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:24
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwlbp1333c_firmwarelbp1333cmf755cdwi-sensys_mf754cdwmf1333c_firmwaremf751cdw_firmwarei-sensys_x_c1333ifmf755cdw_firmwaremf753cdwmf753cdw_firmwarei-sensys_x_c1333if_firmwaremf1333cColor imageCLASS MF750C SeriesC1333iFSatera MF750C Seriesi-SENSYS MF754CdwColor imageCLASS X MF1333C
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6232
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 70.09%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6234
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiColor imageCLASS LBP674CColor imageCLASS MF750C SeriesColor imageCLASS X MF1333C Seriesi-SENSYS MF750C Seriesi-SENSYS LBP673CdwC1333PSatera LBP670C SeriesColor imageCLASS X LBP1333CC1333i SeriesSatera MF750C Seriesmf750ci-sensys_lbp673cdwi-sensys_x_c1333plbp1333clbp674cmf1333c
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6231
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6229
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:20
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6230
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 70.09%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:21
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6233
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 68.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14236
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 52.73%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:39
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14235
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 52.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:38
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwarelbp633cdwlbp632cdwmf455dwlbp237dw_firmwaremf653cdwmf652cw_firmwarelbp236dw_firmwaremf455dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14234
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 52.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:38
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14237
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.90% / 54.89%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:40
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14232
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 52.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:36
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12648
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 60.92%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 00:39
Updated-26 Jan, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-lbp247dw_firmwaremf451dwlbp247dwmf465dw_firmwaremf1643i_iimf452dw_firmwarelbp236dwlbp246dwmf654cdw_firmwaremf453dw_firmwaremf652cwmf452dwmf656cdw_firmwaremf455dwmf1440lbp633cdwlbp632cdwlbp1440lbp237dw_firmwaremf653cdwmf1440_firmwaremf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf462dw_firmwaremf451dw_firmwarelbp246dw_firmwaremf654cdwmf1238_ii_firmwarelbp1440_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf462dwmf465dwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12647
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.60%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 00:38
Updated-26 Jan, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-lbp247dw_firmwaremf451dwlbp247dwmf465dw_firmwaremf1643i_iimf452dw_firmwarelbp236dwlbp246dwmf654cdw_firmwaremf453dw_firmwaremf652cwmf452dwmf656cdw_firmwaremf455dwmf1440lbp633cdwlbp632cdwlbp1440lbp237dw_firmwaremf653cdwmf1440_firmwaremf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf462dw_firmwaremf451dw_firmwarelbp246dw_firmwaremf654cdwmf1238_ii_firmwarelbp1440_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf462dwmf465dwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12649
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.60%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 00:39
Updated-26 Jan, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-lbp247dw_firmwaremf451dwlbp247dwmf465dw_firmwaremf1643i_iimf452dw_firmwarelbp236dwlbp246dwmf654cdw_firmwaremf453dw_firmwaremf652cwmf452dwmf656cdw_firmwaremf455dwmf1440lbp633cdwlbp632cdwlbp1440lbp237dw_firmwaremf653cdwmf1440_firmwaremf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf462dw_firmwaremf451dw_firmwarelbp246dw_firmwaremf654cdwmf1238_ii_firmwarelbp1440_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf462dwmf465dwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2146
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.46%
||
7 Day CHG~0.00%
Published-25 May, 2025 | 23:36
Updated-03 Jun, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-imageclass_mf653cdw_firmwareimagerunner_1643if_iiimageclass_mf656cdw_firmwarei-sensys_lbp233dw_firmwarei-sensys_mf453dwsatera_mf457dwi-sensys_mf655cdw_firmwarei-sensys_lbp233dwi-sensys_mf657cdw_firmwarei-sensys_x_1238pr_ii_firmwareimageclass_mf455dw_firmwarei-sensys_lbp631cdw_firmwareimageclass_mf451dw_firmwarei-sensys_mf651cdw_firmwarei-sensys_mf552dw_firmwareimageclass_mf452dw_firmwarei-sensys_mf455dw_firmwareimageclass_x_mf1643i_iiimageclass_mf455dwsatera_mf551dwi-sensys_x_1238p_iiimageclass_mf653cdwi-sensys_lbp236dw_firmwarei-sensys_mf455dwimageclass_x_lbp1238_iiimageclass_lbp632cdw_firmwaresatera_mf656cdw_firmwareimageclass_mf652cdw_firmwareimageclass_mf451dwimageclass_lbp236dwimageclass_mf452dwi-sensys_x_1238pr_iiimageclass_x_mf1643if_iii-sensys_lbp633cdw_firmwareimageclass_lbp237dw_firmwareimagerunner_1643if_ii_firmwarei-sensys_mf657cdwi-sensys_lbp236dwi-sensys_x_1238p_ii_firmwareimageclass_mf453dw_firmwarei-sensys_mf651cdwi-sensys_mf453dw_firmwarei-sensys_x_1238if_iii-sensys_lbp631cdwsatera_mf551dw_firmwareimageclass_x_mf1238_iisatera_mf654cdwimagerunner_1643i_iiimageclass_mf652cdwi-sensys_mf553dw_firmwareimageclass_mf656cdwi-sensys_lbp633cdwimagerunner_1643i_ii_firmwarei-sensys_x_1238i_ii_firmwareimageclass_x_mf1238_ii_firmwareimageclass_lbp237dwimageclass_x_mf1643i_ii_firmwareimageclass_mf654cdw_firmwareimageclass_mf654cdwi-sensys_mf553dwi-sensys_x_1238if_ii_firmwaresatera_mf654cdw_firmwarei-sensys_x_1238i_iiimageclass_mf453dwimageclass_lbp633cdwimageclass_x_lbp1238_ii_firmwareimageclass_lbp633cdw_firmwaresatera_mf656cdwimageclass_x_mf1643if_ii_firmwaresatera_mf457dw_firmwareimageclass_lbp236dw_firmwareimageclass_lbp632cdwi-sensys_mf655cdwi-sensys_mf552dwimageCLASS MF453dwSatera MF457dwimageCLASS MF455dwi-SENSYS MF655Cdwi-SENSYS MF455dwi-SENSYS X 1238P IIimageCLASS X MF1643i IIimageCLASS X MF1643iF IIi-SENSYS MF453dwColor imageCLASS MF656CdwimageCLASS X MF1238 IIi-SENSYS X 1238iF IIimageCLASS MF451dwColor imageCLASS MF654Cdwi-SENSYS MF651Cdwi-SENSYS MF553dwi-SENSYS MF552dwimageCLASS LBP237dwColor imageCLASS MF653CdwimageRUNNER 1643iF IIi-SENSYS LBP233dwColor imageCLASS LBP633Cdwi-SENSYS X 1238Pr IIColor imageCLASS MF652Cdwi-SENSYS X 1238i IIColor imageCLASS LBP632Cdwi-SENSYS LBP633CdwimageCLASS MF452dwi-SENSYS LBP236dwSatera MF551dwi-SENSYS MF657CdwSatera MF656CdwimageCLASS LBP236dwSatera MF654CdwimageCLASS X LBP1238 IIi-SENSYS LBP631CdwimageRUNNER 1643i II
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14231
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 52.74%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:35
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-9261
Matching Score-8
Assigner-Canon Inc.
ShareView Details
Matching Score-8
Assigner-Canon Inc.
CVSS Score-7.6||HIGH
EPSS-0.18% / 8.06%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 23:39
Updated-18 Jun, 2026 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Action-Not Available
Vendor-Canon Inc.Microsoft CorporationApple Inc.
Product-macoseos_network_setting_toolwindowsEOS Network Setting Tool for WindowsEOS Network Setting Tool for macOS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-9260
Matching Score-8
Assigner-Canon Inc.
ShareView Details
Matching Score-8
Assigner-Canon Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 13.82%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 23:38
Updated-18 Jun, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Action-Not Available
Vendor-Canon Inc.Microsoft CorporationApple Inc.
Product-macoseos_network_setting_toolwindowsEOS Network Setting Tool for WindowsEOS Network Setting Tool for macOS
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-9258
Matching Score-8
Assigner-Canon Inc.
ShareView Details
Matching Score-8
Assigner-Canon Inc.
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.05%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 23:35
Updated-18 Jun, 2026 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Action-Not Available
Vendor-Canon Inc.Microsoft CorporationApple Inc.
Product-macoseos_network_setting_toolwindowsEOS Network Setting Tool for WindowsEOS Network Setting Tool for macOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-9259
Matching Score-8
Assigner-Canon Inc.
ShareView Details
Matching Score-8
Assigner-Canon Inc.
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.22%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 23:36
Updated-18 Jun, 2026 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Action-Not Available
Vendor-Canon Inc.Microsoft CorporationApple Inc.
Product-macoseos_network_setting_toolwindowsEOS Network Setting Tool for WindowsEOS Network Setting Tool for macOS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-26508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 61.94%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 18:49
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

Action-Not Available
Vendor-n/aCanon Inc.
Product-oce_colorwave_3500_firmwareoce_colorwave_3500n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-14233
Matching Score-8
Assigner-Canon Inc.
ShareView Details
Matching Score-8
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.77% / 50.59%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:37
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwarei-SENSYS LBP630C Series1238iF IIimageRUNNER 1643iF II1238Pr IIimageCLASS X MF1238 IIimageCLASS X MF1643i IIi-SENSYS MF650C Series1238i IIi-SENSYS MF550 Seriesi-SENSYS LBP230 SeriesimageCLASS MF450 SeriesimageCLASS LBP230 SeriesimageCLASS X LBP1238 II1238P IIColor imageCLASS LBP630Ci-SENSYS MF450 SeriesSatera MF750C SeriesimageCLASS X MF1643iF IIimageRUNNER 1643i IISatera LBP670C SeriesColor imageCLASS MF650C Series
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2025-1268
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.76% / 50.24%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 00:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / PDF Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver

Action-Not Available
Vendor-Canon Inc.
Product-PCL6 Printer DriverGeneric Plus LIPSLX Printer DriverPDF DriverLIPSLX Printer DriverUFR II Printer DriverGeneric Plus UFR II Printer DriverCARPS2 Printer DriverGeneric Plus PCL6 Printer DriverGeneric Plus PS Printer DriverGeneric FAX Printer DriverUFRII LT Printer DriverGeneric Plus LIPS4 Printer DriverPS Printer DriverLIPS4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9903
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 24.21%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 00:44
Updated-16 Mar, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver

Action-Not Available
Vendor-Canon Inc.
Product-PCL6 Printer DriverGeneric Plus LIPSLX Printer DriverLIPSLX Printer DriverUFR II Printer DriverGeneric Plus UFR II Printer DriverCARPS2 Printer DriverGeneric Plus PCL6 Printer DriverGeneric Plus PS Printer DriverUFRII LT Printer DriverGeneric Plus LIPS4 Printer DriverPS Printer DriverGeneric FAX DriverLIPS4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5998
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-2.56% / 83.05%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5Xmarkâ…¡
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5999
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-2.46% / 82.33%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5Xmarkâ…¡
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24672
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.19% / 63.98%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24674
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.11% / 61.63%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0236
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 42.86%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:57
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0234
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 42.86%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6000
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-2.44% / 82.16%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5Xmarkâ…¡
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0235
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 42.86%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:56
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52274
Matching Score-4
Assigner-VULSec Labs
ShareView Details
Matching Score-4
Assigner-VULSec Labs
CVSS Score-8.3||HIGH
EPSS-0.43% / 34.07%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 10:19
Updated-28 May, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service on Tenda AC6V2 Due To Stack Overflow

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareTenda AC6V2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10559
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 54.87%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm891_firmwaresdm632_firmwaremsm8996au_firmwaresdm450_firmwaresdm632sdm439sdm429sm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaresxr2130qcs605_firmwaremdm9206sdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605sdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarmsm8953sdm450apq8064sdm636_firmwareapq8098_firmwaresdx20sdm660sdm630mdm9607_firmwaresm8250_firmwareqcs405qm215mdm9607apq8017_firmwaremsm8939_firmwaremdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwareapq8053apq8096au_firmwaresm6150_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaremsm891Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10991
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-8.98% / 94.60%
||
7 Day CHG~0.00%
Published-28 Jun, 2019 | 20:25
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccessWebAccess/SCADA
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23556
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 54.67%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 21:16
Updated-31 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 83.26%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 23:53
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/athekelleys
Product-dnsmasqn/adnsmasq
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-51138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.36%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-28 May, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3910vigor2765vigor2763_firmwarevigor2866vigor2866_firmwarevigor2766_firmwarevigor2925_firmwarevigor1000b_firmwarevigor2915vigorlte200vigor3910_firmwarevigor2860_firmwarevigor2133vigor2915_firmwarevigor3912vigor2620_firmwarevigor2762vigor2862_firmwarevigor2925vigor3912_firmwarevigor2135_firmwarevigor2763vigorlte200_firmwarevigor2762_firmwarevigor2927vigor3220_firmwarevigor2865vigor2832_firmwarevigor3220vigor2860vigor2926_firmwarevigor2952_firmwarevigor2927_firmwarevigor2832vigor2766vigor2135vigor2862vigor2926vigor2865_firmwarevigor2962_firmwarevigor1000bvigor2952vigor2765_firmwarevigor2962vigor2620vigor2133_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-52272
Matching Score-4
Assigner-VULSec Labs
ShareView Details
Matching Score-4
Assigner-VULSec Labs
CVSS Score-8.3||HIGH
EPSS-0.43% / 34.07%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 10:18
Updated-28 May, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service on Tenda AC6V2 Due To Stack Overflow

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareTenda AC6V2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52273
Matching Score-4
Assigner-VULSec Labs
ShareView Details
Matching Score-4
Assigner-VULSec Labs
CVSS Score-8.3||HIGH
EPSS-0.43% / 34.07%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 10:19
Updated-28 May, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service on Tenda AC6V2 Due To Stack Overflow

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareTenda AC6V2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11043
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-8.7||HIGH
EPSS-99.47% / 99.94%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 14:19
Updated-03 Nov, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.
Underflow in PHP-FPM can lead to RCE

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Action-Not Available
Vendor-Canonical Ltd.Fedora ProjectDebian GNU/LinuxTenable, Inc.Red Hat, Inc.The PHP Group
Product-enterprise_linux_for_ibm_z_systemsenterprise_linuxenterprise_linux_serverenterprise_linux_eusubuntu_linuxenterprise_linux_for_power_little_endianphpenterprise_linux_desktoptenable.scenterprise_linux_eus_compute_nodeenterprise_linux_for_arm_64_eusenterprise_linux_for_power_big_endian_eussoftware_collectionsdebian_linuxenterprise_linux_server_ausenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_server_tusenterprise_linux_for_arm_64fedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationPHPFastCGI Process Manager (FPM)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21517
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-8.8||HIGH
EPSS-1.60% / 72.61%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-04 Dec, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-exynosSamsung Mobile Devices
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 51
  • 52
  • Next
Details not found