Canon warning: Printer drivers enable code smuggling
Canon has published a warning about security vulnerabilities in printer drivers. Attackers could infiltrate code. Also in some printers.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
There is a critical security gap in Canon printer drivers that may even allow attackers to inject and execute malicious code. In addition, security leaks in the firmware of some printers also allow attackers to smuggle code onto the affected devices.
In a security notice, Canon warns of the security leak in the printer drivers. “An out-of-provision memory boundary vulnerability has been discovered in certain printer drivers for production printers, office and small office printers, and laser printers, which may prevent printing and/or potentially allow arbitrary code execution if printing is processed by a malicious app,” is how Canon describes the vulnerability in a somewhat clumsy way.
Problem: Memory access outside the intended limits
The error can occur when EMF files are processed by the printer driver. EMF files are “enhanced metafiles”, further developed WMF files that have been enhanced for high-end printing (CVE-2025-1268, CVSS 9.4, risk “critical”).
Videos by heise
Canon does not specify what exactly the vulnerability looks like and how admins can detect misuse or an attempt to do so. The “Generic Plus” PCL6, UFR II, LIPS4, LIPSLX and PS printer drivers up to and including version 3.12 are affected. The new printer drivers should be available for download from Canon's local websites – , for example from Canon Germany here.
Canon: Vulnerable printer firmware
Until now, security gaps in the firmware of some laser printers and small office multifunction printers from Canon have remained under the radar. A security notice was issued at the end of February, in which the developers warned of a buffer overflow in the firmware. If the printers are connected directly to the Internet via a wired or WLAN router, attackers may be able to infiltrate and execute malicious code remotely or carry out a denial-of-service attack. Canon has issued three CVE numbers for the vulnerabilities, CVE-2024-12647, CVE-2024-12648 and CVE-2024-12649, and the Japanese CERT has assessed the risk as “critical” with a CVSS value of 9.8.
The printers of the Imageclass MF series MF455DW, MF453DW, MF452DW, MF451DW, MF656CDW, MF654CDW, MF653CDW, MF652CW, MF1238 II, MF1643iF II and MF1643i II are affected. In addition, the Imageclass LBP LBP237DW, LBP236DW, LBP632CDW, LBP633CDW and LBP1238 II printers. On devices with a touch panel, selecting “Update Firmware” on the start screen and confirming a license window should be sufficient to install a firmware update; models with a black and white display should be brought to the installation of the update via “Menu” – “Management Settings” – “Remote UI Settings/Update Firmware” – “Via Internet” and the subsequent confirmation of the license window. The new firmware closes the critical security leaks.
At the beginning of February, HP also had to warn of critical vulnerabilities in the PCL6 and Postscript universal drivers for HP printers. These also allowed malicious actors to smuggle in and launch malicious code. An update is also urgently recommended here.
(dmk)
