Canon Laser Printer/Inkjet Printer and Small Office Multifunctional Printer measure against buffer overflow
Updated on: July 11, 2022
Canon U.S.A., Inc. has recently become aware of multiple potential buffer overflow vulnerabilities in the Canon Laser Printers/Inkjet Printers and Small Office Multifunctional Printers listed below. If the product is connected directly to the internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack. (CVE-2022-24672, CVE-2022-24673, CVE-2022-24674)
imageCLASS D Series
imageCLASS MF Series
MF1643i II/MF1643iF II
imageCLASS LBP Series
Inkjet Printer - WG Series
Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.
Please proceed to https://www.usa.canon.com/support to download the latest firmware.
* Regarding the availability of the firmware upgrades for Canon Small Office Multifunction Printers, please contact your Authorized Servicer in charge of servicing your Canon equipment.
Furthermore, if you have not done so already, we recommend that you set up a private IP address for your products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
In addition, please check “Regarding security for products connected to a network” in the URL below for other security measures that can be used with your Canon products.
Canon would like to thank the following people for identifying this vulnerability.
CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative
Canon U.S.A., Inc.