Buffer Overflow in Canon EOS Digital Cameras and PowerShot Products
CVE-2019-5994
Summary
A buffer overflow vulnerability exists in the Picture Transfer Protocol (PTP) implementation of various Canon EOS series digital cameras and PowerShot products. An attacker on the same network segment can trigger it with a crafted SendObjectInfo command, which could render the device unresponsive or allow arbitrary code execution, posing a significant security risk. Affected users should be aware of the potential for exploitation and take appropriate measures to secure their devices.
Affected Version(s)
EOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ. Affected EOS series digital cameras:
EOS-1D X firmware version 2.1.0 and earlier
EOS-1D X MKII firmware version 1.1.6 and earlier
EOS-1D C firmware version 1.4.1 and earlier
EOS 5D MARK III firmware version 1.3.5 and earlier
EOS 5D MARK IV firmware version 1.2.0 and earlier
EOS 5DS firmware version 1.1.2 and earlier
EOS 5DS R firmware version 1.1.2 and earlier
EOS 6D firmware version 1.1.8 and earlier
EOS 6D MARK II firmware version 1.0.4 and earlier
EOS 7D MARK II firmware version 1.1.2 and earlier
EOS 70 D firmware version 1.1.2 and earlier
EOS 80 D firmware version 1.0.2 and earlier
EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier
EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier
EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier
EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier
EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier
EOS KISS X10 / EOS D RE ...[truncated*]