Cyber Resilience

CVE-2024-11344

High

Published: 13 February 2025

Published
13 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0004 14.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11344 is a high-severity Type Confusion (CWE-843) vulnerability in Lexmark (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-11344 is a type confusion vulnerability (CWE-843) in the Postscript interpreter within various Lexmark devices. Published on 2025-02-13, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and enables attackers to execute arbitrary code by exploiting mishandled type data during Postscript processing.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a maliciously crafted Postscript file to an affected Lexmark device, the attacker can trigger the type confusion, leading to arbitrary code execution and potential low-level impacts on confidentiality, integrity, and availability.

Mitigation guidance is available through Lexmark's security advisories at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.

EU & UK References

Vulnerability details

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated arbitrary code execution via crafted Postscript input to network-exposed device interpreter directly enables T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24874Shared CWE-843
CVE-2025-65570Shared CWE-843
CVE-2025-47151Shared CWE-843
CVE-2024-11346Shared CWE-843
CVE-2025-70023Shared CWE-843
CVE-2026-25537Shared CWE-843
CVE-2025-53144Shared CWE-843
CVE-2026-40683Shared CWE-843
CVE-2026-21854Shared CWE-843
CVE-2025-13229Shared CWE-843

Affected Assets

Lexmark
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation of the identified type confusion flaw in the Postscript interpreter via Lexmark patches directly prevents arbitrary code execution exploitation.

prevent

Validates Postscript inputs for consistency with expected formats and types, reducing the risk of malformed files triggering the type confusion vulnerability.

prevent

Implements memory safeguards such as non-executable memory and address space randomization to mitigate arbitrary code execution resulting from the type confusion exploit.

References