Lexmark warns of security vulnerabilities in printer software and firmware

Lexmark has found security vulnerabilities in printer firmware and companion software. Updates are available to close them.

Stylized graphic: a burning network printer

(Image: created with AI in Bing Designer by heise online / dmk)


The printer manufacturer Lexmark has published security notices on vulnerabilities in printer companion software and in the firmware of various printer models. Attackers can infiltrate and execute malicious code. Updated software and firmware are available, and admins should install them promptly.

The most serious vulnerability is in the Lexmark Print Management Client (LPMC) companion software. The error description is very general: a vulnerability due to "relying on untrusted information in a security decision" (CWE-807) allows a protection mechanism to be bypassed (CVE-2025-1126, CVSS 9.3, risk "critical"). In the end, attackers can execute code in the SYSTEM or root context and delete folders on the computer for which elevated rights are actually required. Because the CVE entry CVE-2024-11348 had been used twice, Lexmark has assigned a new CVE number. LPMC 3.0.0 to 3.4.0 are affected; version 3.5.0 or newer closes the security gap.

The embedded web server in numerous Lexmark printers can be compromised by a combination of a path traversal vulnerability and the simultaneous execution of malicious code by attackers (CVE-2024-11348, CVSS 9.1, critical). Various printer models are affected; listing them would go beyond the scope of this report, but the security notice linked below names them.


The same applies to the other vulnerabilities in the PostScript interpreter of many printers. IT managers who use Lexmark printers should also look through the list of affected devices and apply the available firmware update where necessary. By abusing the vulnerabilities, attackers on the network can execute malicious code with restricted user rights on the devices. However, Lexmark does not specify what exactly such attacks would look like; presumably they involve sending manipulated print data.

The vulnerabilities are as follows:

According to Lexmark, the company has no knowledge that any of the vulnerabilities have already been exploited on the Internet. Nevertheless, a quick update is advisable due to the severity of some of the vulnerabilities.

A week ago, the manufacturer HP had to publish updates for its PCL and Postscript universal printer drivers. These also contained critical security gaps that attackers could misuse to infiltrate and execute malicious code.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.