CVE-2024-11347
Published: 13 February 2025
Description
Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et al. (Postscript interpreter modules) allows Forced Integer Overflow. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
Security Summary
CVE-2024-11347 is an integer overflow or wraparound vulnerability (CWE-190) in the Postscript interpreter modules of Lexmark International printers, including the CX, XC and CS families and others. An attacker can force an integer overflow in the interpreter and leverage it to execute arbitrary code as an unprivileged user on the device. The CVSS v3.1 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), which is rated High: the vector reflects network reachability, low attack complexity, and no required privileges or user interaction, while confidentiality, integrity and availability are each rated Low, consistent with code execution in an unprivileged context rather than full device compromise.
A remote, unauthenticated attacker can exploit the flaw over the network without user interaction by submitting specially crafted Postscript input, for instance a crafted print job, to the affected interpreter. Successful exploitation yields arbitrary code execution as an unprivileged user on the targeted printer, with the limited confidentiality, integrity and availability impacts reflected in the CVSS vector. The advisory does not describe any further escalation from that unprivileged context, but a foothold on a networked printer is still a foothold inside the network.
Lexmark provides mitigation details through its security advisories page at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, which practitioners should consult for the patches, firmware updates, or workarounds specific to the affected devices.
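To make the flaw class concrete, the following is an added example written for this page; it is not Lexmark's firmware and not the actual CVE-2024-11347 code path, which is not public here. It shows the generic CWE-190 pattern behind a "forced integer overflow" in an interpreter that sizes an operand from attacker-controlled fields: an element count and an element size are multiplied in 32-bit arithmetic, the product wraps to a small value, the heap allocation is undersized, and the copy that follows overruns it. The operand header layout, the 32-bit length arithmetic and every function name are assumptions made for the illustration.

```c
/* Generic CWE-190 illustration for a length-prefixed interpreter operand.
 * Example code added for this page; NOT Lexmark's code and NOT the real
 * CVE-2024-11347 bug. Header layout, 32-bit sizing and names are assumed. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What an unchecked implementation would allocate versus what its copy
 * loop would actually write. When the product wraps, the second exceeds
 * the first and the copy runs past the end of the heap buffer. */
typedef struct {
    uint32_t alloc_bytes;  /* count * elem_size in wrapping 32-bit arithmetic */
    uint64_t write_bytes;  /* the same product computed without wraparound */
} sizing_t;

static sizing_t vulnerable_sizing(uint32_t count, uint32_t elem_size) {
    sizing_t s;
    s.alloc_bytes = count * elem_size;            /* CWE-190: wraps mod 2^32 */
    s.write_bytes = (uint64_t)count * elem_size;  /* true number of bytes */
    return s;
}

static bool would_overflow_heap(sizing_t s) {
    return s.write_bytes > s.alloc_bytes;
}

/* Hardened sizing: reject any count whose product cannot fit in 32 bits
 * BEFORE the multiplication is performed (unsigned wrap is well defined in
 * C, so sanitizers will not flag it for you). */
static bool checked_sizing(uint32_t count, uint32_t elem_size, uint32_t *bytes) {
    if (elem_size == 0 || count > UINT32_MAX / elem_size)
        return false;
    *bytes = count * elem_size;
    return true;
}

/* Convenience wrapper: the checked byte count, or -1 if rejected. */
static int64_t checked_bytes(uint32_t count, uint32_t elem_size) {
    uint32_t b;
    return checked_sizing(count, elem_size, &b) ? (int64_t)b : -1;
}

/* Assumed operand header: 4-byte little-endian element count, then a
 * 4-byte little-endian element size, then the element data. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse an operand safely: the product is range-checked and then bounded by
 * the bytes actually present, so the input cannot make us allocate or copy
 * more than we were handed. Returns a copy (caller frees) or NULL. */
static uint8_t *parse_array_operand(const uint8_t *in, size_t len, uint32_t *out_bytes) {
    uint32_t count, elem_size, bytes;
    if (len < 8) return NULL;
    count = rd32le(in);
    elem_size = rd32le(in + 4);
    if (!checked_sizing(count, elem_size, &bytes)) return NULL;
    if (bytes > len - 8) return NULL;            /* payload truncated */
    uint8_t *buf = malloc(bytes ? bytes : 1);
    if (!buf) return NULL;
    memcpy(buf, in + 8, bytes);
    *out_bytes = bytes;
    return buf;
}

static bool operand_accepted(const uint8_t *in, size_t len) {
    uint32_t n;
    uint8_t *p = parse_array_operand(in, len, &n);
    bool ok = (p != NULL);
    free(p);
    return ok;
}

/* Constructed inputs (not captured traffic). */
static const uint8_t kBenign[]   = { 0x03,0,0,0,    0x02,0,0,0, 'a','b','c','d','e','f' }; /* 3 x 2 bytes */
static const uint8_t kWrapping[] = { 0x01,0,0,0x40, 0x04,0,0,0, 0,0,0,0 };                 /* 0x40000001 x 4 */

int main(void) {
    sizing_t s = vulnerable_sizing(0x40000001u, 4);
    printf("unchecked: alloc %u bytes, copy loop writes %llu bytes -> heap overflow: %s\n",
           (unsigned)s.alloc_bytes, (unsigned long long)s.write_bytes,
           would_overflow_heap(s) ? "yes" : "no");
    printf("benign operand:   %s\n", operand_accepted(kBenign, sizeof kBenign) ? "accepted" : "rejected");
    printf("wrapping operand: %s\n", operand_accepted(kWrapping, sizeof kWrapping) ? "accepted" : "rejected");
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. With a count of 0x40000001 and 4-byte elements the unchecked product wraps to 4, so the interpreter would allocate 4 bytes and then write about 4 GiB past them; the hardened path rejects that operand before any allocation. The second bound, product versus bytes actually present in the input, is the check a practitioner wants in any length-prefixed parser regardless of the multiplication.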
Details
- CWE(s)