Unallocated Memory Access in Canon Generic Plus Printer Drivers
CVE-2025-9904

6.9MEDIUM

Key Information:

Vendor

Canon Inc.

Status
Generic Plus Pcl6 Printer Driver
Generic Plus Ufr Ii Printer Driver
Generic Plus Lips4 Printer Driver
Generic Plus Lipslx Printer Driver
Vendor
CVE Published:
29 September 2025

What is CVE-2025-9904?

The vulnerability presents an unallocated memory access risk in the print processing subsystem of various Canon Generic Plus printer drivers. This flaw may allow an attacker to exploit memory handling issues, potentially leading to unexpected behavior or exposure of sensitive information when processing print jobs. Organizations using affected Canon printer drivers should apply the recommended updates to mitigate potential security risks.

Affected Version(s)

CARPS2 Printer Driver 31.05 and earlier

Generic FAX Driver 10.67 and earlier

Generic Plus LIPS4 Printer Driver 3.30 and earlier

References

https://psirt.canon/advisory-information/cp2025-005/
vendor-advisory
https://canon.jp/support/support-info/250925vulnerability...
vendor-advisory
https://www.usa.canon.com/about-us/to-our-customers/cp202...
vendor-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.