CVE-2025-1268

CVE-2025-1268 is an out-of-bounds write vulnerability (CWE-787) in the EMF Recode processing functionality of multiple Canon printer drivers, including the Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, Generic Plus PS Printer Driver, Generic FAX Printer Driver, UFRII LT Printer Driver, CARPS2 Printer Driver, PDF Driver, LIPS4 Printer Driver, LIPSLX Printer Driver, UFR II Printer Driver, PS Printer Driver, and PCL6 Printer Driver. Published on March 31, 2025, the flaw carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L), indicating critical severity due to its potential for high impact on confidentiality and integrity.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation could allow attackers to achieve high-level compromise of confidentiality and integrity, such as unauthorized data access or modification, alongside limited availability disruption on affected systems running the vulnerable printer drivers.

Canon has issued advisories detailing the vulnerability response, including support information and remediation guidance available at https://canon.jp/support/support-info/250328vulnerability-response and https://psirt.canon/advisory-information/cp2025-003/. Additional resources on product security and service notices for printer drivers are provided at https://www.canon-europe.com/support/product-security/ and https://www.usa.canon.com/about-us/to-our-customers/service-notice-vulnerability-remediation-for-certain-printer-drivers-for-production-printers-office-small-office-multifunction-printers-and-laser-printers, recommending users apply available patches or updates.