Cyber Posture

CVE-2024-11347

High

Published: 13 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0004 (13.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11347 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Lexmark International CX (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, it ranks at the 13.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly remediates the integer overflow vulnerability in Lexmark Postscript interpreter modules through timely application of vendor firmware patches.

prevent: Mitigates remote exploitation by validating specially crafted Postscript inputs to prevent integer overflows or wraparounds in the interpreter.

prevent: Reduces network-accessible attack surface by enforcing boundaries that limit unauthenticated remote access to vulnerable Lexmark printer services.

NVD Description

Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et al. (Postscript interpreter modules) allows Forced Integer Overflow. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Deeper analysis [AI]

CVE-2024-11347 is an integer overflow or wraparound vulnerability (CWE-190) affecting Postscript interpreter modules in Lexmark International printers, including models such as CX, XC, CS, and others. The flaw enables forced integer overflow, which can be leveraged to execute arbitrary code as an unprivileged user. It has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.

A remote, unauthenticated attacker can exploit this vulnerability over the network without user interaction by sending specially crafted data to the affected Postscript interpreter. Successful exploitation allows arbitrary code execution in the context of an unprivileged user on the targeted printer, potentially leading to limited confidentiality, integrity, and availability impacts as reflected in the CVSS vector.

Lexmark publishes mitigation details on its security advisories page at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html; consult it for patches, firmware updates, or workarounds specific to affected devices.

Details

CWE(s)

Affected Products

Lexmark International CX (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-41602 (Shared CWE-190)
CVE-2025-24156 (Shared CWE-190)
CVE-2026-27889 (Shared CWE-190)
CVE-2025-53518 (Shared CWE-190)
CVE-2026-41416 (Shared CWE-190)
CVE-2026-27784 (Shared CWE-190)
CVE-2026-0031 (Shared CWE-190)
CVE-2024-57255 (Shared CWE-190)
CVE-2024-55656 (Shared CWE-190)
CVE-2026-24660 (Shared CWE-190)
