CVE-2024-45320

Feb. 18, 2025, 6:15 a.m.

6.5
Medium

Description

Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.

Product(s) Impacted

Product Versions
DocuPrint CP225w
  • ['01.22.01 and earlier']
DocuPrint CP228w
  • ['01.22.01 and earlier']
DocuPrint CM225fw
  • ['01.10.01 and earlier']
DocuPrint CM228fw
  • ['01.10.01 and earlier']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References

https://jvn.jp/en/vu/JVNVU96297631/
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0217_announce.html

Tags

vultures@jpcert.or.jp
CWE-787
2025-02-18
CVE-2024-45320

CVSS Score

6.5 / 10

CVSS Data - 3.0

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Feb. 18, 2025, 6:15 a.m.
Last Modified: Feb. 18, 2025, 6:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.