CVE-2024-11346
Published: 13 February 2025
Description
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et al. (Postscript interpreter modules) allows Resource Injection. This issue affects CX, XC, CS, et al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836.
Security Summary
CVE-2024-11346 is a Type Confusion vulnerability (CWE-843: Access of Resource Using Incompatible Type) in the Postscript interpreter modules of Lexmark International printers, including CX, XC, CS, and related models. This flaw enables Resource Injection and affects firmware versions from 001.001:0 through 081.231, as well as ranges *.*.P001 through *.*.P233, *.*.P001 through *.*.P759, and *.*.P001 through *.*.P836. The vulnerability was published on 2025-02-13 with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low barriers to exploitation.
Attackers can exploit this vulnerability remotely over the network without authentication, privileges, or user interaction; attack complexity is low and the scope is unchanged. Successful exploitation has a limited impact on confidentiality, integrity, and availability, and may let an attacker inject malicious resources through crafted Postscript input processed by the affected interpreter modules.
For mitigation details, refer to Lexmark's security advisories at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, which provide guidance on patches and workarounds for vulnerable devices.
Details
- CWE(s)