Source: www.securityweek.com – Author: Eduard Kovacs
Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers.
According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability.
The security hole is tracked as CVE-2025-1268 and it has a CVSS severity score of 9.4. The flaw impacts the EMF recode processing of Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS printer drivers, specifically versions 3.12 and earlier.
Canon told users that exploitation of the vulnerability can allow an attacker to prevent printing or potentially execute arbitrary code “when the print is processed by a malicious application”.
Microsoft’s Offensive Research and Security Engineering (MORSE) team has been credited for responsibly disclosing the vulnerability.
Users have been advised to check Canon websites for patched versions of the vulnerable printer drivers.
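To find hosts that need the updated drivers, the version range above can be checked against a driver inventory export. The following is an added example, not code from Canon, Microsoft or SecurityWeek; the CSV columns, host names and sample rows are constructed, and it assumes the inventory records Canon's own driver version (for example `V3.12`) and that versions compare numerically by major and minor component.

```python
import csv
import io
import re

# Driver families and version ceiling as stated in the article for CVE-2025-1268.
# "LIPS" covers both LIPS driver families the article lists.
AFFECTED_FAMILIES = ("PCL6", "UFR II", "LIPS", "PS")
LAST_AFFECTED = (3, 12)

def parse_version(text):
    """(major, minor) from 'V3.12' or '3.15.0'; None when nothing is parseable."""
    m = re.match(r"\s*[vV]?(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def family_of(driver_name):
    """Affected family named after 'Generic Plus' in the driver name, else None."""
    m = re.search(r"generic plus\s+(.+)", driver_name, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(1).upper()
    return next((f for f in AFFECTED_FAMILIES if rest.startswith(f)), None)

def triage(inventory_csv):
    """Return [(host, driver, status)] for Generic Plus drivers only."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if family_of(row["driver_name"]) is None:
            continue  # not one of the driver families named in the advisory
        version = parse_version(row["version"])
        if version is None:
            status = "review"  # never treat an unreadable version as safe
        elif version <= LAST_AFFECTED:
            status = "affected"
        else:
            status = "newer_than_3.12"
        findings.append((row["host"], row["driver_name"], status))
    return findings

# Constructed sample inventory (hypothetical hosts, names and column layout).
SAMPLE = """host,driver_name,version
ws-01,Canon Generic Plus PCL6,V3.12
ws-02,Canon Generic Plus UFR II,3.15
ws-03,Canon Generic Plus PS3,2.90
ws-04,Canon Generic Plus LIPS4,unknown
ws-05,Microsoft Print To PDF,10.0
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

Rows marked `review` have a version the script could not read and need a manual check; `newer_than_3.12` only means the version is outside the range the advisory names.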
Driver vulnerabilities can pose a serious risk to users and organizations. It’s not uncommon for threat actors to exploit vulnerable drivers in attacks leveraging the bring-your-own-vulnerable-driver (BYOVD) technique.
Canon recently also published advisories to notify customers of several other printer vulnerabilities that could allow remote code execution or DoS attacks.
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Original Post URL: https://www.securityweek.com/critical-vulnerability-found-in-canon-printer-drivers/