CVE-2024-12649

Critical

Published: 28 January 2025

Published

28 January 2025

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0031 53.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

Security Summary

CVE-2024-12649 is a buffer overflow vulnerability (CWE-787) in the XPS data font processing component of specific Canon Small Office Multifunction Printers and Laser Printers. Affected products include Satera MF656Cdw and MF654Cdw with firmware v05.04 and earlier sold in Japan; Color imageCLASS MF656Cdw, MF654Cdw, MF653Cdw, MF652Cdw, LBP633Cdw, and LBP632Cdw with firmware v05.04 and earlier sold in the US; and i-SENSYS MF657Cdw, MF655Cdw, MF651Cdw, LBP633Cdw, and LBP631Cdw with firmware v05.04 and earlier sold in Europe.

The vulnerability can be exploited by an unauthenticated attacker on the same network segment with low complexity and no user interaction required. Successful exploitation may cause the affected printer to become unresponsive (denial of service) or allow execution of arbitrary code, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflecting critical severity across confidentiality, integrity, and availability impacts.

Canon advisories, such as PSIRT advisory CP2025-001 and regional support notices from Japan, Europe, and the US, detail vulnerability responses and measures against this buffer overflow in laser printers and small office multifunction printers. Security practitioners should consult these resources for patching instructions and firmware updates.

Details

CWE(s): CWE-787

Affected Products

canon

mf455dw firmware

≤ 05.04

canon

mf453dw firmware

≤ 05.04

canon

mf452dw firmware

≤ 05.04

canon

mf451dw firmware

≤ 05.04

canon

mf465dw firmware

≤ 05.04

canon

mf462dw firmware

≤ 05.04

canon

mf656cdw firmware

≤ 05.04

canon

mf654cdw firmware

≤ 05.04

canon

mf653cdw firmware

≤ 05.04

canon

mf652cw firmware

≤ 05.04

+12 more product configuration(s) — see NVD for full list

References

https://canon.jp/support/support-info/250127vulnerability-response
Vendor Advisory · f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2025-001/
Vendor Advisory · f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security/#news
Vendor Advisory · f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
Vendor Advisory · f98c90f0-e9bd-4fa7-911b-51993f3571fd