Cyber Posture

CVE-2024-11344

High

Published: 13 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0004 (13.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Security Summary

CVE-2024-11344 is a type confusion vulnerability (CWE-843) in the Postscript interpreter within various Lexmark devices. Published on 2025-02-13, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and enables attackers to execute arbitrary code by exploiting mishandled type data during Postscript processing.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. By sending a maliciously crafted Postscript file to an affected Lexmark device, the attacker can trigger the type confusion, leading to arbitrary code execution. The CVSS vector rates the potential impact on confidentiality, integrity, and availability as Low for each (C:L/I:L/A:L).

Mitigation guidance is available through Lexmark's security advisories at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.

Details

CWE(s)
CWE-843
