Out-of-Bounds Write Vulnerabilities in Canon Printer Drivers
CVE-2025-9903

5.9MEDIUM

Key Information:

Vendor

Canon Inc.

Status
Generic Plus Pcl6 Printer Driver
Generic Plus Ufr Ii Printer Driver
Generic Plus Lips4 Printer Driver
Generic Plus Lipslx Printer Driver
Vendor
CVE Published:
29 September 2025

What is CVE-2025-9903?

The vulnerability in Canon's Generic Plus Printer Drivers allows for out-of-bounds write exploits, which may lead to unauthorized memory access or arbitrary code execution. This issue affects various printer drivers, potentially compromising the functionality and security of devices utilizing these drivers. Users are advised to apply patches or workarounds to mitigate risks associated with these vulnerabilities.

Affected Version(s)

CARPS2 Printer Driver 31.05 and earlier

Generic FAX Driver 10.67 and earlier

Generic Plus LIPS4 Printer Driver 3.30 and earlier

References

https://psirt.canon/advisory-information/cp2025-005/
vendor-advisory
https://canon.jp/support/support-info/250925vulnerability...
vendor-advisory
https://www.usa.canon.com/about-us/to-our-customers/cp202...
vendor-advisory

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.