CVE-2024-12649 — CRITICAL (9.8)

Q: How severe is CVE-2024-12649?

CVE-2024-12649 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-12649?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf455Dw Firmware, Canon Mf455Dw, Canon Mf453Dw Firmware, Canon Mf453Dw, Canon Mf452Dw Firmware.

Vulnerability Description

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canon	Mf455Dw Firmware	<= 05.04
Canon	Mf455Dw	-
Canon	Mf453Dw Firmware	<= 05.04
Canon	Mf453Dw	-
Canon	Mf452Dw Firmware	<= 05.04
Canon	Mf452Dw	-
Canon	Mf451Dw Firmware	<= 05.04
Canon	Mf451Dw	-
Canon	Mf465Dw Firmware	<= 05.04
Canon	Mf465Dw	-
Canon	Mf462Dw Firmware	<= 05.04
Canon	Mf462Dw	-
Canon	Mf656Cdw Firmware	<= 05.04
Canon	Mf656Cdw	-
Canon	Mf654Cdw Firmware	<= 05.04
Canon	Mf654Cdw	-
Canon	Mf653Cdw Firmware	<= 05.04
Canon	Mf653Cdw	-
Canon	Mf652Cw Firmware	<= 05.04
Canon	Mf652Cw	-

Related Weaknesses (CWE)

CWE-787

References

https://canon.jp/support/support-info/250127vulnerability-responseVendor Advisory
https://psirt.canon/advisory-information/cp2025-001/Vendor Advisory
https://www.canon-europe.com/support/product-security/#newsVendor Advisory
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regardVendor Advisory

FAQ

What is CVE-2024-12649?

CVE-2024-12649 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresp...

How severe is CVE-2024-12649?

CVE-2024-12649 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-12649?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf455Dw Firmware, Canon Mf455Dw, Canon Mf453Dw Firmware, Canon Mf453Dw, Canon Mf452Dw Firmware.