JVNVU#93701955
Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

Overview

Out-of-bounds Write vulnerabilities were found in Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers.

Products Affected

For details on the affected products and versions, see the information provided by the vendor.

Description

Out-of-bounds Write vulnerabilities were found in Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers.

• Out-of-bounds Write vulnerability on curve segmentation (CWE-787)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3
  • CVE-2025-0234
• Out-of-bounds Write vulnerability on image rendering (CWE-787)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3
  • CVE-2025-0235
• Out-of-bounds Write vulnerability on slope processing during curve rendering (CWE-787)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3
  • CVE-2025-0236
• Out-of-bounds Write vulnerability on EMF records processing (CWE-787)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Base Score: 9.4
  • CVE-2025-1268

Impact

• Printing a crafted XPS data may cause Denial-of-Service (DoS) condition (CVE-2025-0234, CVE-2025-0235, CVE-2025-0236)
• Passing some invalid values to the affected printer driver may cause Denial-of-Service (DoS) condition; and with some additional condition met, arbitrary code may be executed (CVE-2025-1268)

Solution

Update the Software or Apply the Workarounds
For CVE-2025-1268, the developer provides the fixed version.
For CVE-2025-0234, CVE-2025-0235 and CVE-2025-0236, the developer recommends to apply the workarounds.

See the information provided by the developer.