CP2025-002 Vulnerability Mitigation for Certain Printer Drivers for Office/Small Office Multifunction Printers and Laser Printers
February 24, 2025
Canon Inc.
Description
Out-of-bounds vulnerabilities were found for certain printer drivers for office/small office multifunction printers and laser printers that may prevent printing when a crafted XPS document (*) is printed.
These vulnerabilities do not affect printing of normal XPS documents created by common applications and do not cause issues such as data breach.
*XPS document is an XML based markup language and file format developed by Microsoft for describing documents.
Affected Printer Drivers
Generic PCL6 V4 Printer Driver - All versions
Generic UFR II V4 Printer Driver - All versions
Generic LIPSLX V4 Printer Driver - All versions
CVE/CVSS:
| CVE-2025-0234: | Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver |
| CVSS v3 CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3 |
| CVE-2025-0235: | Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver |
| CVSS v3 CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3 |
| CVE-2025-0236: | Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver |
| CVSS v3 CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3 |
Mitigation
Please delete your current printer driver and download the latest version of the following printer drivers.
Generic Plus PCL6 Printer Driver
Generic Plus UFR II Printer Driver
Generic Plus LIPSLX Printer Driver
Please check the websites of your local Canon sales representatives for the latest printer driver.