Buffer Overflow in Canon EOS Digital Cameras and PowerShot Models
CVE-2019-6001

6.8MEDIUM

Key Information:

Vendor: Canon, Inc.
Status: Eos Series Digital Cameras, Powershot Sx740 Hs, Powershot Sx70 Hs, And Powershot G5xmarkⅱ
Vendor: CVE Published:; 6 August 2019

Summary

A buffer overflow vulnerability has been identified in the Picture Transfer Protocol (PTP) of various Canon EOS series digital cameras and PowerShot models. This flaw allows an attacker on the same network segment to exploit the vulnerability through the 'setadapterbatteryreport' command, potentially causing the device to become unresponsive or allowing the execution of arbitrary code. Users with firmware versions specified above are advised to take immediate action for mitigation.

Affected Version(s)

EOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ (EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D RE ...[truncated*]