Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-2184

Summary
Assigner-Canon
Assigner Org ID-f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At-11 Mar, 2024 | 00:26
Updated At-28 Aug, 2024 | 20:24
Rejected At-
Credits

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Canon
Assigner Org ID:f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At:11 Mar, 2024 | 00:26
Updated At:28 Aug, 2024 | 20:24
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

Affected Products
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS MF740C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS MF640C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS MF740C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS MF640C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera MF740C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera MF640C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS X MF1127C
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
C1127i Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS LBP664Cdw
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS LBP622Cdw
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS LBP660C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS LBP620C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera LBP660C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera LBP620C Series
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS X LBP1127C
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
C1127P
Versions
Affected
  • v12.07 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS MF750C Series
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS MF750C Series
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera MF750C Series
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS X MF1333C
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
C1333i Series
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS LBP674Cdw
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
i-SENSYS LBP673Cdw
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Satera LBP670C Series
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
Color imageCLASS X LBP1333C
Versions
Affected
  • v03.09 and earlier
Vendor
Canon Inc.Canon Inc.
Product
C1333P
Versions
Affected
  • v03.09 and earlier
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.canon/advisory-information/cp2024-002/
vendor-advisory
Hyperlink: https://psirt.canon/advisory-information/cp2024-002/
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://psirt.canon/advisory-information/cp2024-002/
vendor-advisory
x_transferred
Hyperlink: https://psirt.canon/advisory-information/cp2024-002/
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Canon Inc.canon
Product
color_imageclass_mf740c_series
CPEs
  • cpe:2.3:h:canon:color_imageclass_mf740c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12..07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_mf640c_series
CPEs
  • cpe:2.3:h:canon:color_imageclass_mf640c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_mf740c_series
CPEs
  • cpe:2.3:h:canon:i-sensys_mf740c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_mf640c_series
CPEs
  • cpe:2.3:h:canon:i-sensys_mf640c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
satera_mf740c_series
CPEs
  • cpe:2.3:h:canon:satera_mf740c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_x_mf1127c
CPEs
  • cpe:2.3:h:canon:color_imageclass_x_mf1127c:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_lbp664cdw
CPEs
  • cpe:2.3:h:canon:color_imageclass_lbp664cdw:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
c1127i_series
CPEs
  • cpe:2.3:h:canon:c1127i_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_lbp622cdw
CPEs
  • cpe:2.3:h:canon:color_imageclass_lbp622cdw:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_lbp660c_series
CPEs
  • cpe:2.3:h:canon:i-sensys_lbp660c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_lbp620c_series
CPEs
  • cpe:2.3:h:canon:i-sensys_lbp620c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_mf750c_series
CPEs
  • cpe:2.3:h:canon:i-sensys_mf750c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_x_lbp1333c
CPEs
  • cpe:2.3:h:canon:color_imageclass_x_lbp1333c:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
i-sensys_lbp673cdw
CPEs
  • cpe:2.3:h:canon:i-sensys_lbp673cdw:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
satera_lbp670c_series
CPEs
  • cpe:2.3:h:canon:satera_lbp670c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
c1333p
CPEs
  • cpe:2.3:h:canon:c1333p:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
satera_mf640c_series
CPEs
  • cpe:2.3:h:canon:satera_mf640c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
satera_lbp620c_series
CPEs
  • cpe:2.3:h:canon:satera_lbp620c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
satera_lbp660c_series
CPEs
  • cpe:2.3:h:canon:satera_lbp660c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_x_lbp1127c
CPEs
  • cpe:2.3:h:canon:color_imageclass_x_lbp1127c:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_mf750c_series
CPEs
  • cpe:2.3:h:canon:color_imageclass_mf750c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
c1127p
CPEs
  • cpe:2.3:h:canon:c1127p:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 12.07 (custom)
Vendor
Canon Inc.canon
Product
satera_mf750c_series
CPEs
  • cpe:2.3:h:canon:satera_mf750c_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_x_mf1333c
CPEs
  • cpe:2.3:h:canon:color_imageclass_x_mf1333c:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
c1333i_series
CPEs
  • cpe:2.3:h:canon:c1333i_series:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Vendor
Canon Inc.canon
Product
color_imageclass_lbp674cdw
CPEs
  • cpe:2.3:h:canon:color_imageclass_lbp674cdw:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 03.09 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f98c90f0-e9bd-4fa7-911b-51993f3571fd
Published At:11 Mar, 2024 | 01:15
Updated At:11 Mar, 2024 | 01:32

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Secondaryf98c90f0-e9bd-4fa7-911b-51993f3571fd
CWE ID: CWE-787
Type: Secondary
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://psirt.canon/advisory-information/cp2024-002/f98c90f0-e9bd-4fa7-911b-51993f3571fd
N/A
Hyperlink: https://psirt.canon/advisory-information/cp2024-002/
Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2076Records found
CVE-2024-12647
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.43%
||
7 Day CHG+0.03%
Published-28 Jan, 2025 | 00:38
Updated-28 Jan, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-Satera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0244
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.98%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:24
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwlbp1333c_firmwarelbp1333cmf755cdwi-sensys_mf754cdwmf1333c_firmwaremf751cdw_firmwarei-sensys_x_c1333ifmf755cdw_firmwaremf753cdwmf753cdw_firmwarei-sensys_x_c1333if_firmwaremf1333cColor imageCLASS MF750C SeriesC1333iFSatera MF750C Seriesi-SENSYS MF754CdwColor imageCLASS X MF1333C
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6234
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiColor imageCLASS LBP674CColor imageCLASS MF750C SeriesColor imageCLASS X MF1333C Seriesi-SENSYS MF750C Seriesi-SENSYS LBP673CdwC1333PSatera LBP670C SeriesColor imageCLASS X LBP1333CC1333i SeriesSatera MF750C Seriesmf750ci-sensys_lbp673cdwi-sensys_x_c1333plbp1333clbp674cmf1333c
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6232
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6229
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:20
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6233
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:23
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6230
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:21
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0853
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0852
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0856
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0854
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12648
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.43%
||
7 Day CHG+0.03%
Published-28 Jan, 2025 | 00:39
Updated-28 Jan, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-Satera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12649
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.43%
||
7 Day CHG+0.03%
Published-28 Jan, 2025 | 00:39
Updated-28 Jan, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-Satera MF654Cdwi-SENSYS LBP633Cdwi-SENSYS MF655CdwColor imageCLASS MF656Cdwi-SENSYS MF657CdwSatera MF656CdwColor imageCLASS LBP632Cdwi-SENSYS LBP631CdwColor imageCLASS LBP633CdwColor imageCLASS MF654CdwColor imageCLASS MF653Cdwi-SENSYS MF651CdwColor imageCLASS MF652Cdw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6231
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 00:22
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_mf754cdw_firmwaremf751cdwmf273dw_firmwarelbp671cmf1238_iilbp672c_firmwaremf1643i_ii_firmwarei-sensys_x_c1333i_firmwaremf1333clbp236dw_firmwaremf275dwi-sensys_x_c1333p_firmwarelbp122dwi-sensys_x_c1333imf1643if_iimf272dwlbp671c_firmwaremf451dw_firmwarelbp674cdwlbp672ci-sensys_mf754cdwmf1333c_firmwaremf753cdwi-sensys_x_c1333if_firmwarei-sensys_mf752cdwi-sensys_x_c1333pmf453dwmf452dwmf455dw_firmwarelbp1333c_firmwarelbp122dw_firmwarelbp674c_firmwaremf455dwmf755cdw_firmwaremf452dw_firmwaremf451dwlbp237dw_firmwaremf753cdw_firmwarelbp674cdw_firmwarei-sensys_x_c1333ifi-sensys_lbp673cdw_firmwarei-sensys_lbp673cdwmf273dwlbp1238_iimf275dw_firmwarelbp1238_ii_firmwarelbp1333cmf755cdwmf453dw_firmwaremf1238_ii_firmwarelbp236dwi-sensys_mf752cdw_firmwaremf751cdw_firmwaremf272dw_firmwarelbp674cmf1643if_ii_firmwarelbp237dwmf1643i_iiSatera LBP670C SeriesColor imageCLASS MF750C SeriesC1333i SeriesColor imageCLASS LBP674CColor imageCLASS X MF1333C SeriesSatera MF750C Seriesi-SENSYS LBP673Cdwi-SENSYS MF750C SeriesColor imageCLASS X LBP1333CC1333P
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24673
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2146
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.86%
||
7 Day CHG~0.00%
Published-25 May, 2025 | 23:36
Updated-03 Jun, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-imageclass_mf653cdw_firmwareimagerunner_1643if_iiimageclass_mf656cdw_firmwarei-sensys_lbp233dw_firmwarei-sensys_mf453dwsatera_mf457dwi-sensys_mf655cdw_firmwarei-sensys_lbp233dwi-sensys_mf657cdw_firmwarei-sensys_x_1238pr_ii_firmwareimageclass_mf455dw_firmwarei-sensys_lbp631cdw_firmwareimageclass_mf451dw_firmwarei-sensys_mf651cdw_firmwarei-sensys_mf552dw_firmwareimageclass_mf452dw_firmwarei-sensys_mf455dw_firmwareimageclass_x_mf1643i_iiimageclass_mf455dwsatera_mf551dwi-sensys_x_1238p_iiimageclass_mf653cdwi-sensys_lbp236dw_firmwarei-sensys_mf455dwimageclass_x_lbp1238_iiimageclass_lbp632cdw_firmwaresatera_mf656cdw_firmwareimageclass_mf652cdw_firmwareimageclass_mf451dwimageclass_lbp236dwimageclass_mf452dwi-sensys_x_1238pr_iiimageclass_x_mf1643if_iii-sensys_lbp633cdw_firmwareimageclass_lbp237dw_firmwareimagerunner_1643if_ii_firmwarei-sensys_mf657cdwi-sensys_lbp236dwi-sensys_x_1238p_ii_firmwareimageclass_mf453dw_firmwarei-sensys_mf651cdwi-sensys_mf453dw_firmwarei-sensys_x_1238if_iii-sensys_lbp631cdwsatera_mf551dw_firmwareimageclass_x_mf1238_iisatera_mf654cdwimagerunner_1643i_iiimageclass_mf652cdwi-sensys_mf553dw_firmwareimageclass_mf656cdwi-sensys_lbp633cdwimagerunner_1643i_ii_firmwarei-sensys_x_1238i_ii_firmwareimageclass_x_mf1238_ii_firmwareimageclass_lbp237dwimageclass_x_mf1643i_ii_firmwareimageclass_mf654cdw_firmwareimageclass_mf654cdwi-sensys_mf553dwi-sensys_x_1238if_ii_firmwaresatera_mf654cdw_firmwarei-sensys_x_1238i_iiimageclass_mf453dwimageclass_lbp633cdwimageclass_x_lbp1238_ii_firmwareimageclass_lbp633cdw_firmwaresatera_mf656cdwimageclass_x_mf1643if_ii_firmwaresatera_mf457dw_firmwareimageclass_lbp236dw_firmwareimageclass_lbp632cdwi-sensys_mf655cdwi-sensys_mf552dwimageCLASS MF453dwSatera MF457dwimageCLASS MF455dwi-SENSYS MF655Cdwi-SENSYS MF455dwi-SENSYS X 1238P IIimageCLASS X MF1643i IIimageCLASS X MF1643iF IIi-SENSYS MF453dwColor imageCLASS MF656CdwimageCLASS X MF1238 IIi-SENSYS X 1238iF IIimageCLASS MF451dwColor imageCLASS MF654Cdwi-SENSYS MF651Cdwi-SENSYS MF553dwi-SENSYS MF552dwimageCLASS LBP237dwColor imageCLASS MF653CdwimageRUNNER 1643iF IIi-SENSYS LBP233dwColor imageCLASS LBP633Cdwi-SENSYS X 1238Pr IIColor imageCLASS MF652Cdwi-SENSYS X 1238i IIColor imageCLASS LBP632Cdwi-SENSYS LBP633CdwimageCLASS MF452dwi-SENSYS LBP236dwSatera MF551dwi-SENSYS MF657CdwSatera MF656CdwimageCLASS LBP236dwSatera MF654CdwimageCLASS X LBP1238 IIi-SENSYS LBP631CdwimageRUNNER 1643i II
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0855
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0851
Matching Score-10
Assigner-Canon Inc.
ShareView Details
Matching Score-10
Assigner-Canon Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-10 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-i-sensys_x_c1127ii-sensys_mf645cx_firmwaremf741cdw_firmwarei-sensys_x_c1127pmf745cdwimageprograf_tc-20mi-sensys_mf746cx_firmwaremf273dw_firmwarei-sensys_mf641cw_firmwaremf641cwimageprograf_tc-20m_firmwaremf1127c_firmwarei-sensys_mf641cwi-sensys_lbp623cdwlbp1127cmf275dwlbp621c_firmwaremaxify_gx4020lbp122dwmf262dw_iilbp622cdw_firmwarei-sensys_lbp623cdw_firmwaremf743cdwlbp661c_firmwaremaxify_gx3020mf746cdwmf644cdw_firmwaremf267dw_ii_firmwarelbp1127c_firmwaremf1127clbp622c_firmwaremf269dw_iimf745cdw_firmwarei-sensys_mf746cximageprograf_tc-20_firmwarei-sensys_mf744cdwmf269dw_vp_ii_firmwarelbp662c_firmwaremf642cdw_firmwaremf746cdw_firmwarei-sensys_x_c1127p_firmwaremf273dwi-sensys_x_c1127i_firmwareimageprograf_tc-20i-sensys_lbp621cwi-sensys_x_c1127ifi-sensys_x_c1127if_firmwaremf272dw_firmwaremf644cdwi-sensys_lbp664cxlbp664cdw_firmwarepixma_g4270pixma_g3270i-sensys_mf645cxi-sensys_lbp633cdw_firmwarei-sensys_mf744cdw_firmwarelbp623cdw_firmwarepixma_g4270_firmwarelbp622cpixma_g3270_firmwarei-sensys_mf643cdw_firmwaremaxify_gx4020_firmwarei-sensys_lbp621cw_firmwaremf272dwmf641cw_firmwarelbp622cdwlbp664c_firmwarei-sensys_lbp633cdwmf264dw_iimf642cdwmf264dw_ii_firmwarelbp662clbp621ci-sensys_mf742cdw_firmwaremf262dw_ii_firmwarelbp122dw_firmwarelbp661ci-sensys_mf742cdwmf743cdw_firmwarelbp664cdwmf269dw_ii_firmwarei-sensys_mf643cdwmf269dw_vp_iii-sensys_lbp664cx_firmwaremf275dw_firmwarelbp664cmf267dw_iimaxify_gx3020_firmwaremf741cdwlbp623cdwCanon Office/Small Office Multifunction Printers and Laser Printers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.23%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 18:49
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

Action-Not Available
Vendor-n/aCanon Inc.
Product-oce_colorwave_3500_firmwareoce_colorwave_3500n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-5998
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24672
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24674
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.06% / 20.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0234
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:52
Updated-26 Feb, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0235
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:56
Updated-26 Feb, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1268
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.07% / 21.63%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 00:52
Updated-16 Jun, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / PDF Driver

Action-Not Available
Vendor-Canon Inc.
Product-Generic Plus LIPS4 Printer DriverPDF DriverGeneric FAX Printer DriverCARPS2 Printer DriverGeneric Plus PS Printer DriverUFRII LT Printer DriverGeneric Plus UFR II Printer DriverGeneric Plus PCL6 Printer DriverGeneric Plus LIPSLX Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0236
Matching Score-6
Assigner-Canon Inc.
ShareView Details
Matching Score-6
Assigner-Canon Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 01:57
Updated-26 Feb, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

Action-Not Available
Vendor-Canon Inc.
Product-Generic UFR II V4 Printer DriverGeneric PCL6 V4 Printer DriverGeneric LIPSLX V4 Printer Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5999
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6000
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.65%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.

Action-Not Available
Vendor-oniguruma_projectn/aThe PHP Group
Product-onigurumaphpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.25%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.

Action-Not Available
Vendor-oniguruma_projectn/aThe PHP Group
Product-onigurumaphpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:52
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57580
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.05%
||
7 Day CHG+0.01%
Published-16 Jan, 2025 | 00:00
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-48.34% / 97.66%
||
7 Day CHG~0.00%
Published-12 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.

Action-Not Available
Vendor-echatservern/a
Product-easy_chat_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8775
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5695
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-30 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.78%
||
7 Day CHG+0.01%
Published-16 Jan, 2025 | 00:00
Updated-19 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5701
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 12:40
Updated-03 Apr, 2025 | 00:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxfirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.09%
||
7 Day CHG+0.02%
Published-16 Jan, 2025 | 00:00
Updated-22 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.90% / 82.48%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44790
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.39% / 99.42%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 00:00
Updated-01 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Action-Not Available
Vendor-Fedora ProjectTenable, Inc.Oracle CorporationThe Apache Software FoundationApple Inc.Debian GNU/LinuxNetApp, Inc.
Product-communications_session_route_managerdebian_linuxfedoracommunications_element_managercommunications_session_report_managerhttp_servertenable.scmac_os_xzfs_storage_appliance_kitcommunications_operations_monitormacosinstantis_enterprisetrackcloud_backupApache HTTP Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-8774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.30%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 03:55
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityinternet_securityantivirus_pron/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-55194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.81%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 00:00
Updated-29 Jan, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

Action-Not Available
Vendor-openimageion/a
Product-openimageion/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46224
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-3.25% / 86.60%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 15:43
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowsavalancheAvalanche
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.49%
||
7 Day CHG+0.01%
Published-31 Dec, 2021 | 23:53
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/athekelleys
Product-dnsmasqn/adnsmasq
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.49%
||
7 Day CHG+0.01%
Published-31 Dec, 2021 | 23:53
Updated-04 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Action-Not Available
Vendor-thekelleysn/a
Product-dnsmasqn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 04:30
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

Action-Not Available
Vendor-freetypen/a
Product-freetypen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 41
  • 42
  • Next
Details not found