Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN200

_____________________________________________________________________

DATE                : 04/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Generic Plus PCL6 Printer Driver,
                       Generic Plus UFR II Printer Driver,
                       Generic Plus LIPS4 Printer Driver,
                       Generic Plus LIPSLX Printer Driver,
                       Generic Plus PS Printer Driver,
                         versions prior to 3.12.

=====================================================================
https://psirt.canon/advisory-information/cp2025-003/
_____________________________________________________________________


CP2025-003 Vulnerability Remediation for Certain Printer Drivers for
Production Printers, Office/Small Office Multifunction Printers and
Laser Printers

March 28, 2025
Canon Inc.
 
 
Description
Out-of-bounds vulnerability was found in certain printer drivers for
production printers, office/small office multifunction printers and
laser printers that may prevent printing and/or potentially be able
to execute arbitrary code when the print is processed by a malicious
application.
 

Affected Printer Drivers
Generic Plus PCL6 Printer Driver – V3.12 and earlier
Generic Plus UFR II Printer Driver - V3.12 and earlier
Generic Plus LIPS4 Printer Driver - V3.12 and earlier
Generic Plus LIPSLX Printer Driver - V3.12 and earlier
Generic Plus PS Printer Driver - V3.12 and earlier
 
CVE/CVSS:
CVE-2025-1268:         Out-of-bounds vulnerability in EMF Recode processing
of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer
Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX
Printer Driver / Generic Plus PS Printer Driver
          CVSS v3    CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L    Base Score: 9.4
 

Remediation
Printer drivers designed to address the issue will be uploaded on
websites of your local Canon sales representatives. We advise that
our customers install the latest printer drivers available.

Thank you to Microsoft Offensive Research and Security Engineering
Team (MORSE) for reporting this vulnerability.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================