CVE-2024-11345

High

Published: 13 February 2025

Published

13 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0004 13.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11345 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Lexmark (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely patching and remediation of the heap-based buffer overflow vulnerability in the Lexmark Postscript interpreter to eliminate arbitrary code execution.

SI-16 Memory Protection partial match

prevent

Implements memory protections like ASLR and heap hardening to mitigate exploitation of the heap-based memory corruption vulnerability even if unpatched.

SI-10 Information Input Validation partial match

prevent

Mandates validation of Postscript inputs to prevent crafted malicious inputs from triggering the heap overflow and enabling remote code execution.

NVD Description

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

Deeper analysisAI

CVE-2024-11345 is a heap-based memory vulnerability, classified under CWE-787, affecting the Postscript interpreter in various Lexmark devices. Published on 2025-02-13T19:15:13.200, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The issue enables attackers to execute arbitrary code by leveraging the memory corruption.

A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low attack complexity. Exploitation results in low impacts to confidentiality, integrity, and availability, but critically allows arbitrary code execution on the targeted Lexmark device.

Lexmark provides details on this vulnerability through its security advisories page at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, which security practitioners should consult for mitigation guidance and patches.