Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-11345

Summary
Assigner-Lexmark
Assigner Org ID-7bc73191-a2b6-4c63-9918-753964601853
Published At-13 Feb, 2025 | 18:46
Updated At-13 Feb, 2025 | 19:19
Rejected At-
Credits

Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Lexmark
Assigner Org ID:7bc73191-a2b6-4c63-9918-753964601853
Published At:13 Feb, 2025 | 18:46
Updated At:13 Feb, 2025 | 19:19
Rejected At:
▼CVE Numbering Authority (CNA)
Heap-based memory vulnerability in the Postscript interpreter in various Lexmark devices

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Affected Products
Vendor
Lexmark International, Inc.Lexmark International
Product
CX, XC, CS, MS, MX, XM, et. al.
Default Status
unaffected
Versions
Affected
  • From 0 through CXTLS.230.341 (custom)
    • -> unaffectedfromCXTLS.230.342 and later
  • From 0 through CSTLS.230.341 (custom)
    • -> unaffectedfromCSTLS.230.342 and later
  • From 0 through MSNSN.230.341 (custom)
    • -> unaffectedfromMSNSN.230.342 and later
  • From 0 through MSTSN.230.341 (custom)
    • -> unaffectedfromMSTSN.230.342 and later
  • From 0 through MXTSN.230.341 (custom)
    • -> unaffectedfromMXTSN.230.342 and later
  • From 0 through CSNGV.230.341 (custom)
    • -> unaffectedfromCSNGV.230.342 and later
  • From 0 through CSTGV.230.341 (custom)
    • -> unaffectedfromCSTGV.230.342 and later
  • From 0 through CXTGV.230.341 (custom)
    • -> unaffectedfromCXTGV.230.342 and later
  • From 0 through CXTPC.230.341 (custom)
    • -> unaffectedfromCXTPC.230.342 and later
  • From 0 through CSTPC.230.341 (custom)
    • -> unaffectedfromCSTPC.230.342 and later
  • From 0 through MXTCT.230.341 (custom)
    • -> unaffectedfromMXTCT.230.342 and later
  • From 0 through MXTPM.230.341 (custom)
    • -> unaffectedfromMXTPM.230.342 and later
  • From 0 through CXTMM.230.341 (custom)
    • -> unaffectedfromCXTMM.230.342 and later
  • From 0 through CSTMM.230.341 (custom)
    • -> unaffectedfromCSTMM.230.342 and later
  • From 0 through MSLSG.230.341 (custom)
    • -> unaffectedfromMSLSG.230.342 and later
  • From 0 through MXLSG.230.341 (custom)
    • -> unaffectedfromMXLSG.230.342 and later
  • From 0 through MSLBD.230.341 (custom)
    • -> unaffectedfromMSLBD.230.342 and later
  • From 0 through MXLBD.230.341 (custom)
    • -> unaffectedfromMXLBD.230.342 and later
  • From 0 through MSNGM.230.341 (custom)
    • -> unaffectedfromMSNGM.230.342 and later
  • From 0 through MSTGM.230.341 (custom)
    • -> unaffectedfromMSTGM.230.342 and later
  • From 0 through MXNGM.230.341 (custom)
    • -> unaffectedfromMXNGM.230.342 and later
  • From 0 through MXTGM.230.341 (custom)
    • -> unaffectedfromMXTGM.230.342 and later
  • From 0 through MSNGW.230.341 (custom)
    • -> unaffectedfromMSNGW.230.342 and later
  • From 0 through MSTGW.230.341 (custom)
    • -> unaffectedfromMSTGW.230.342 and later
  • From 0 through MXTGW.230.341 (custom)
    • -> unaffectedfromMXTGW.230.342 and later
  • From 0 through CSLBN.230.341 (custom)
    • -> unaffectedfromCSLBN.230.342 and later
  • From 0 through CSLBL.230.341 (custom)
    • -> unaffectedfromCSLBL.230.342 and later
  • From 0 through CXLBN.230.341 (custom)
    • -> unaffectedfromCXLBN.230.342 and later
  • From 0 through CXLBL.230.341 (custom)
    • -> unaffectedfromCXLBL.230.342 and later
  • From 0 through CSTZJ.230.341 (custom)
    • -> unaffectedfromCSTZJ.230.342 and later
  • From 0 through CSNZJ.230.341 (custom)
    • -> unaffectedfromCSNZJ.230.342 and later
  • From 0 through CXTZJ.230.341 (custom)
    • -> unaffectedfromCXTZJ.230.342 and later
  • From 0 through CXNZJ.230.341 (custom)
    • -> unaffectedfromCXNZJ.230.342 and later
  • From 0 through CXTPP.230.341 (custom)
    • -> unaffectedfromCXTPP.230.342 and later
  • From 0 through CSTPP.230.341 (custom)
    • -> unaffectedfromCSTPP.230.342 and later
  • From 0 through CSTAT.230.341 (custom)
    • -> unaffectedfromCSTAT.230.342 and later
  • From 0 through CXTAT.230.341 (custom)
    • -> unaffectedfromCXTAT.230.342 and later
  • From 0 through CSTMH.230.341 (custom)
    • -> unaffectedfromCSTMH.230.342 and later
  • From 0 through CXTMH.230.341 (custom)
    • -> unaffectedfromCXTMH.230.342 and later
  • From 0 through LW90.TL2.P215 (custom)
    • -> unaffectedfromLW90.TL2.P216 and later
  • From 0 through LW90.PR2.P215 (custom)
    • -> unaffectedfromLW90.PR2.P216 and later
  • From 0 through LW90.PR4.P215 (custom)
    • -> unaffectedfromLW90.PR4.P216 and later
  • From 0 through LW90.SB4.P215 (custom)
    • -> unaffectedfromLW90.SB4.P216 and later
  • From 0 through LW90.SB7.P215 (custom)
    • -> unaffectedfromLW90.SB7.P216 and later
  • From 0 through LW90.DN2.P215 (custom)
    • -> unaffectedfromLW90.DN2.P216 and later
  • From 0 through LW90.DN4.P215 (custom)
    • -> unaffectedfromLW90.DN4.P216 and later
  • From 0 through LW90.DN7.P215 (custom)
    • -> unaffectedfromLW90.DN7.P216 and later
  • From 0 through LW90.TU.P215 (custom)
    • -> unaffectedfromLW90.TU.P216 and later
  • From 0 through LW90.SA.P215 (custom)
    • -> unaffectedfromLW90.SA.P216 and later
  • From 0 through LW90.MG.P215 (custom)
    • -> unaffectedfromLW90.MG.P216 and later
  • From 0 through LW90.GM7.P215 (custom)
    • -> unaffectedfromLW90.GM7.P216 and later
  • From 0 through LW90.GM4.P215 (custom)
    • -> unaffectedfromLW90.GM4.P216 and later
  • From 0 through LW80.PRL.P257 (custom)
    • -> unaffectedfromLW80.PRL.P258 and later
  • From 0 through LW80.SB2.P257 (custom)
    • -> unaffectedfromLW80.SB2.P258 and later
  • From 0 through LW80.VYL.P257 (custom)
    • -> unaffectedfromLW80.VYL.P258 and later
  • From 0 through LW80.VY2.P257 (custom)
    • -> unaffectedfromLW80.VY2.P258 and later
  • From 0 through LW80.GM2P257 (custom)
    • -> unaffectedfromLW80.GM2.P258 and later
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

Lexmark recommends a firmware update if your device has affected firmware.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
N/A
Hyperlink: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:7bc73191-a2b6-4c63-9918-753964601853
Published At:13 Feb, 2025 | 19:15
Updated At:15 Apr, 2026 | 00:35

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Secondary7bc73191-a2b6-4c63-9918-753964601853
CWE ID: CWE-787
Type: Secondary
Source: 7bc73191-a2b6-4c63-9918-753964601853
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html7bc73191-a2b6-4c63-9918-753964601853
N/A
Hyperlink: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Source: 7bc73191-a2b6-4c63-9918-753964601853
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

54Records found
CVE-2022-3664
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.23%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-14 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow

A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-bento4Bento4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-22419
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.54% / 67.78%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 18:45
Updated-02 Jun, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
concat built-in can corrupt memory in vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0.

Action-Not Available
Vendor-vyperlangvyperlang
Product-vypervyper
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33265
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.27% / 50.70%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 05:02
Updated-09 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure in Powerline Communication Firmware

Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca7500_firmwareqca7520_firmwareqca7550qca7520qca7500qca7550_firmwareSnapdragon
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1876
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.22% / 79.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 17:00
Updated-21 May, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1562dap-1562_firmwareDAP-1562
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found