JVNVU#99107852
Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers
Overview
Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities.
Products Affected
A wide range of products and versions are affected.
For more information, refer to "Vendor Status" section below.
Description
Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below.
- Out-of-bounds write (CWE-787)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237
- Release of invalid pointer or reference (CWE-763)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-14233
Impact
A remote attacker may execute arbitrary code and/or cause a denial-of-service (DoS) condition.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply the Workaround
Apply the following workarounds to prevent access from untrusted entities.
- Use the product within a network protected by a firewall
- Use the product with a private IP address
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.