Lexmark PostScript Interpreter Vulnerability Allows Arbitrary Code Execution
CVE-2023-50735
9 CRITICAL
Summary
A heap corruption issue has been identified in the PostScript interpreter used in various Lexmark devices. An attacker could exploit this vulnerability on affected devices, potentially leading to arbitrary code execution. Users of Lexmark's multifunction and color printers should apply the security updates outlined in the vendor advisory to mitigate the risk.
Affected Version(s)
various various
References
CVSS V3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lexmark would like to thank the following people working with Trend Micro’s Zero Day Initiative (ZDI) for bringing this issue to our attention: Rick de Jager of team PHPHooligans, Carlo Meijer of team PHPHooligans, Jonathan Jagt of team PHPHooligans