Cyber Posture

CVE-2024-11344

High

Published: 13 February 2025

Published
13 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0004 13.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11344 is a high-severity Type Confusion (CWE-843) vulnerability in Lexmark (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely remediation of the identified type confusion flaw in the Postscript interpreter via Lexmark patches directly prevents arbitrary code execution exploitation.

SI-10 Information Input Validation partial match
prevent

Validates Postscript inputs for consistency with expected formats and types, reducing the risk of malformed files triggering the type confusion vulnerability.

SI-16 Memory Protection partial match
prevent

Implements memory safeguards such as non-executable memory and address space randomization to mitigate arbitrary code execution resulting from the type confusion exploit.

NVD Description

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Deeper analysisAI

CVE-2024-11344 is a type confusion vulnerability (CWE-843) in the Postscript interpreter within various Lexmark devices. Published on 2025-02-13, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and enables attackers to execute arbitrary code by exploiting mishandled type data during Postscript processing.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a maliciously crafted Postscript file to an affected Lexmark device, the attacker can trigger the type confusion, leading to arbitrary code execution and potential low-level impacts on confidentiality, integrity, and availability.

Mitigation guidance is available through Lexmark's security advisories at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.

Details

CWE(s)
CWE-843

Affected Products

Lexmark
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-25537Shared CWE-843
CVE-2026-5865Shared CWE-843
CVE-2026-4702Shared CWE-843
CVE-2025-21342Shared CWE-843
CVE-2025-53144Shared CWE-843
CVE-2025-10585Shared CWE-843
CVE-2026-20860Shared CWE-843
CVE-2026-40683Shared CWE-843
CVE-2026-24874Shared CWE-843
CVE-2026-5871Shared CWE-843

References