CVE-2024-12648 — CRITICAL (9.8)

Q: How severe is CVE-2024-12648?

CVE-2024-12648 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-12648?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf455Dw Firmware, Canon Mf455Dw, Canon Mf453Dw Firmware, Canon Mf453Dw, Canon Mf452Dw Firmware.

Vulnerability Description

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canon	Mf455Dw Firmware	<= 05.04
Canon	Mf455Dw	-
Canon	Mf453Dw Firmware	<= 05.04
Canon	Mf453Dw	-
Canon	Mf452Dw Firmware	<= 05.04
Canon	Mf452Dw	-
Canon	Mf451Dw Firmware	<= 05.04
Canon	Mf451Dw	-
Canon	Mf465Dw Firmware	<= 05.04
Canon	Mf465Dw	-
Canon	Mf462Dw Firmware	<= 05.04
Canon	Mf462Dw	-
Canon	Mf656Cdw Firmware	<= 05.04
Canon	Mf656Cdw	-
Canon	Mf654Cdw Firmware	<= 05.04
Canon	Mf654Cdw	-
Canon	Mf653Cdw Firmware	<= 05.04
Canon	Mf653Cdw	-
Canon	Mf652Cw Firmware	<= 05.04
Canon	Mf652Cw	-

Related Weaknesses (CWE)

CWE-787

References

https://canon.jp/support/support-info/250127vulnerability-responseVendor Advisory
https://psirt.canon/advisory-information/cp2025-001/Vendor Advisory
https://www.canon-europe.com/support/product-security/#newsVendor Advisory
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regardVendor Advisory

FAQ

What is CVE-2024-12648?

CVE-2024-12648 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u...

How severe is CVE-2024-12648?

CVE-2024-12648 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-12648?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf455Dw Firmware, Canon Mf455Dw, Canon Mf453Dw Firmware, Canon Mf453Dw, Canon Mf452Dw Firmware.