Type Confusion Vulnerability in Lexmark Devices
CVE-2024-11344

7.3HIGH

Key Information:

Vendor: Lexmark
Status: Cx, Xc, Cs, Ms, Mx, Xm, Et. Al.
Vendor: CVE Published:; 13 February 2025

What is CVE-2024-11344?

A type confusion vulnerability has been discovered in the Postscript interpreter used in various Lexmark devices. This vulnerability allows attackers to manipulate the data types during code execution, potentially leading to arbitrary code execution. If exploited, this could grant attackers unauthorized access to sensitive information or lead to further compromise of the device’s functionality. It is crucial for users of affected Lexmark products to remain informed about this vulnerability and apply necessary security updates.

Affected Version(s)

CX, XC, CS, MS, MX, XM, et. al. 0

CX, XC, CS, MS, MX, XM, et. al. CXTLS.240.200

CX, XC, CS, MS, MX, XM, et. al. 0

References

https://www.lexmark.com/en_us/solutions/security/lexmark-...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Nov 18, 2024