Lexmark PostScript Interpreter Vulnerability Allows Arbitrary Code Execution
CVE-2023-50736

9CRITICAL

Key Information:

Vendor: Lexmark
Status: Various
Vendor: CVE Published:; 28 February 2024

Summary

A memory corruption vulnerability has been detected in the PostScript interpreter utilized in various Lexmark devices. This flaw allows attackers to exploit the affected systems, potentially executing arbitrary code. If not addressed, this vulnerability could lead to unauthorized access or manipulation of device functionality, posing risks to sensitive data and network integrity.

Affected Version(s)

various various

References

https://www.lexmark.com/en_us/solutions/security/lexmark-...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Dec 11, 2023

Credit

Chris Anastasio working with Trend Micro’s Zero Day Initiative (ZDI)