CP2025-005 Vulnerabilities Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

CP2025-005 Vulnerabilities Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

Updated: January 15, 2026
September 25, 2025
Canon Inc.
 
 
Description
Multiple vulnerabilities were found in certain printer drivers for production printers, office/small office multifunction printers, and laser printers. These vulnerabilities may potentially allow out-of-bounds memory access and/or Denial-of-Service (DoS) attacks when printing is processed by a malicious application.
 
Affected Printer Drivers
Generic Plus PCL6 Printer Driver – V3.30 and earlier
Generic Plus UFR II Printer Driver – V3.30 and earlier
Generic Plus LIPS4 Printer Driver – V3.30 and earlier
Generic Plus LIPSLX Printer Driver – V3.30 and earlier
Generic Plus PS Printer Driver – V3.30 and earlier
UFRII LT Printer Driver - V31.05 and earlier
CARPS2 Printer Driver - V31.05 and earlier
Generic FAX Driver - V10.67 and earlier
 
Remediation
Printer drivers designed to address the issue are available on the websites of your local Canon sales representatives. We advise that our customers install the latest printer drivers available.
 
Generic Plus PCL6 Printer Driver – V3.31 and higher
Generic Plus UFR II Printer Driver – V3.31 and higher
Generic Plus LIPS4 Printer Driver – V3.31 and higher
Generic Plus LIPSLX Printer Driver – V3.31 and higher
Generic Plus PS Printer Driver – V3.31 and higher
UFRII LT Printer Driver - V31.10 and higher
CARPS2 Printer Driver - V31.10 and higher
Generic FAX Driver - V10.70 and higher
 
CVE/CVSS:
CVE-2025-7698: Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver
  CVSS v4 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N Base Score: 5.9
  CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L Base Score: 5.9

CVE-2025-9903: Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver
  CVSS v4 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Base Score: 5.9
  CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score: 5.9

CVE-2025-9904: Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver
  CVSS v4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score: 6.9
  CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3
 
Update History
2026-01-15: Added affected printer drivers (UFRII LT Printer Driver - V31.05 and earlier, CARPS2 Printer Driver - V31.05 and earlier, Generic FAX Driver - V10.67 and earlier)
2025-09-25: Created
 
 
Thank you to Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting the out-of-bounds read vulnerability (CVE-2025-7698).