CVE-2023-50739
Published: 18 January 2025
Description
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Security Summary
CVE-2023-50739 is a buffer overflow vulnerability (CWE-122) in the Internet Printing Protocol (IPP) implementation across various Lexmark devices. Published on January 18, 2025, it has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw allows an attacker to execute arbitrary code by overflowing the buffer during IPP processing.
An unauthenticated attacker positioned on an adjacent network, such as the same local subnet, can exploit this vulnerability with low attack complexity and no user interaction required. By transmitting crafted IPP requests to the affected device, the attacker triggers the buffer overflow, achieving arbitrary code execution. This results in high impacts to confidentiality, integrity, and availability on the targeted Lexmark printer or multifunction device.
Lexmark provides details on mitigations, patches, and affected products in its security advisories, accessible at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html. Security practitioners should consult this resource for firmware updates or configuration guidance to address the vulnerability.
Details
- CWE(s)