Out-of-Bounds Vulnerability in Canon Generic Plus Printer Drivers
CVE-2025-1268

9.4 CRITICAL

Key Information:

Vendor
Canon Inc.
Status
Generic Plus PCL6 Printer Driver
Generic Plus UFR II Printer Driver
Generic Plus LIPS4 Printer Driver
Generic Plus LIPSLX Printer Driver
CVE Published: 31 March 2025

Badges

📈 Score: 218 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-1268?

CVE-2025-1268 is an out-of-bounds vulnerability found in several Canon printer drivers, including the Generic Plus PCL6 and UFR II Printer Drivers, which are essential for printing high-quality documents across various environments. If exploited, this vulnerability could allow attackers to manipulate memory in ways that could compromise the integrity of the printer driver, potentially leading to unauthorized access or the execution of malicious code. Organizations utilizing affected Canon printers could face significant disruptions, ranging from operational downtime to data breaches, affecting both their reputation and financial standing.

Technical Details

The vulnerability arises in the EMF Recode processing routines of Canon’s Generic Plus printer drivers. Out-of-bounds vulnerabilities occur when software reads or writes data outside the allocated memory space, which can lead to unpredictable behavior, crashes, or exploitation by adversaries. Given that these drivers are integrated into numerous production and multifunction printers widely used in office settings, any flaws in their security can have serious implications for those dependent on these devices.

Potential impact of CVE-2025-1268

  1. Unauthorized Code Execution: This vulnerability could allow attackers to execute arbitrary code on systems using the affected printer drivers, leading to unauthorized access or malicious activities within the organization's network.

  2. Data Breaches: With potential access to sensitive data, such as documents processed through the affected printers, organizations could be at risk of data theft, which might include classified or confidential information.

  3. Operational Disruption: Exploitation of this vulnerability could lead to significant disruptions in printing services, affecting workflow and productivity in environments that rely heavily on printer operations. This could result in financial losses and hindered business processes.

Affected Version(s)

Generic FAX Printer Driver 10.65 and earlier

Generic Plus LIPS4 Printer Driver 3.12 and earlier

Generic Plus LIPSLX Printer Driver 3.12 and earlier

News Articles

Canon Printer Vulnerability CVE-2025-1268: Update Now

Canon issues a security alert for CVE-2025-1268 affecting printer drivers. Update to the latest drivers to protect against potential risks.

3 weeks ago


CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved
