FKIE_CVE-2025-14235
Vulnerability from fkie_nvd - Published: 2026-01-16 00:16 - Updated: 2026-01-26 15:11
Summary
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| canon | mf656cdw_firmware | * |
| canon | mf656cdw | - |
| canon | mf653cdw_firmware | * |
| canon | mf653cdw | - |
| canon | mf652cw_firmware | * |
| canon | mf652cdw | - |
| canon | mf1238_ii_firmware | * |
| canon | mf1238_ii | - |
| canon | mf1643if_ii_firmware | * |
| canon | mf1643if_ii | - |
| canon | mf1643i_ii_firmware | * |
| canon | mf1643i_ii | - |
| canon | lbp237dw_firmware | * |
| canon | lbp237dw | - |
| canon | lbp236dw_firmware | * |
| canon | lbp236dw | - |
| canon | lbp633cdw_firmware | * |
| canon | lbp633cdw | - |
| canon | lbp632cdw_firmware | * |
| canon | lbp632cdw | - |
| canon | lbp1238_ii_firmware | * |
| canon | lbp1238_ii | - |
| canon | mf455dw_firmware | * |
| canon | mf455dw | - |
| canon | mf453dw_firmware | * |
| canon | mf453dw | - |
| canon | mf452dw_firmware | * |
| canon | mf452dw | - |
| canon | mf451dw_firmware | * |
| canon | mf451dw | - |
| canon | mf654cdw_firmware | * |
| canon | mf654cdw | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf656cdw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2070566-9E21-464F-A85E-B4677CAEB4C8",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf656cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A3D591-82ED-42C4-B724-EDFA5E196066",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf653cdw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC4A58D-AAD1-458B-A298-E9DDA48B8509",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf653cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2712C-6508-4DA4-B1EE-4A665063D9E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf652cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE4781E-1F80-46BE-853A-34F637AEE709",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf652cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E67819E8-5A16-4552-A5DC-07CC1207AC54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf1238_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F071041-7B34-44E2-BCC6-D35079DA4DE6",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf1238_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1DA9BB-15C1-4D4D-B73C-C995E859ACDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf1643if_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B14B75C-B5A9-4916-B0C2-140E4530D21A",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf1643if_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "264748B9-82FD-466C-894B-232305D930E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf1643i_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54C17BA1-1D30-4810-B6CB-AA771115AE1C",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf1643i_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60EF8B7A-8184-469E-AB2B-C13C24E4F01C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:lbp237dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9012E07-C73F-4F78-A16C-305EA9F3AB76",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:lbp237dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3406797E-EE0A-419B-862D-DBD8B505CCF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:lbp236dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA67E60-E7A7-4D07-BB1E-D9E5971EB811",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:lbp236dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4077161-199F-44A0-AE33-BC999E06B8E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:lbp633cdw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7739A1A2-C899-4C6C-AA80-DE1045E06C90",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:lbp633cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E319965-0012-44F0-92A1-481BACA5C140",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:lbp632cdw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "244CDE62-A03F-441D-A6BA-AEF7818DCFA1",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:lbp632cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F1019F-0C13-4FCD-B9C1-7B58D7080953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:lbp1238_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3360B837-2F0F-482A-BBE9-55FEA4441DC4",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:lbp1238_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "555C8CC6-7E64-48A6-BC31-2CAA03FA8FCF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf455dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E97C016E-CE05-4F54-B4F6-CB44451E7025",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf455dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "376C5E10-0D6C-405D-BC63-BDE7257A8142",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf453dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65134F0-B34B-42BF-B0DD-3ED5DFB0EB08",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf453dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "020E1E4D-4055-446C-A403-544F50236262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf452dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB87B25-98FE-47A0-B2C3-D2CDD0E08910",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf452dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C814016-6D9B-483D-9C29-95E4624C6CA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf451dw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3440DC39-8EE8-49A3-96E4-09D1ED5112E2",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf451dw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "700050B9-DA11-4D63-A3DB-D6924DD7F3DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canon:mf654cdw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6144CE24-D420-4253-A047-4B2A21E36153",
"versionEndIncluding": "06.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mf654cdw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "396973A5-0427-460C-A268-F44DE2E54C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe."
}
],
"id": "CVE-2025-14235",
"lastModified": "2026-01-26T15:11:00.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"type": "Secondary"
}
]
},
"published": "2026-01-16T00:16:27.933",
"references": [
{
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"tags": [
"Vendor Advisory"
],
"url": "https://canon.jp/support/support-info/260115vulnerability-response"
},
{
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.canon/advisory-information/cp2026-001/"
},
{
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"tags": [
"Vendor Advisory"
],
"url": "https://www.canon-europe.com/support/product-security/"
},
{
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
}
],
"sourceIdentifier": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "f98c90f0-e9bd-4fa7-911b-51993f3571fd",
"type": "Secondary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.