Buffer Overflow Vulnerability in Canon Office Multifunction Printers
CVE-2023-0853

9.8CRITICAL

Key Information:

Vendor: Canon Inc.
Status: Canon Office/small Office Multifunction Printers And Laser Printers
Vendor: CVE Published:; 11 May 2023

Summary

A buffer overflow vulnerability exists in the mDNS NSEC record registration process of certain Canon office multifunction printers and laser printers. An attacker within the same network segment could exploit this vulnerability to cause the device to become unresponsive or potentially execute arbitrary code. This issue affects multiple printer series including Satera, Color imageCLASS, and i-SENSYS, specifically those running firmware version 11.04 and earlier. Users are advised to apply available patches to mitigate the risk of exploitation.

Affected Version(s)

Canon Office/Small Office Multifunction Printers and Laser Printers Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

References

https://www.canon-europe.com/support/product-security-lat...

https://psirt.canon/advisory-information/cp2023-001/

https://canon.jp/support/support-info/230414vulnerability...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Feb 16, 2023