CVE-2024-12648
Published: 28 January 2025
Summary
CVE-2024-12648 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Canon Mf455Dw Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-12648 is a buffer overflow vulnerability (CWE-787) in the processing of TIFF data EXIF tags within the firmware of certain Canon Small Office Multifunction Printers and Laser Printers. It affects specific models including Satera MF656Cdw/MF654Cdw (firmware v05.04 and earlier, sold in Japan), Color imageCLASS MF656Cdw/MF654Cdw/MF653Cdw/MF652Cdw and LBP633Cdw/LBP632Cdw (firmware v05.04 and earlier, sold in the US), and i-SENSYS MF657Cdw/MF655Cdw/MF651Cdw, LBP633Cdw, and LBP631Cdw (firmware v05.04 and earlier, sold in Europe). The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), reflecting its network accessibility, low attack complexity, and lack of prerequisites.
An unauthenticated attacker on the same network segment can exploit this vulnerability remotely by sending maliciously crafted TIFF data to the affected device. Successful exploitation may cause the printer to become unresponsive (denial of service) or allow arbitrary code execution, potentially compromising confidentiality, integrity, and availability with high impact.
Canon has published advisories detailing the vulnerability response, including mitigation measures and patch information, available at support pages such as https://canon.jp/support/support-info/250127vulnerability-response, https://psirt.canon/advisory-information/cp2025-001/, https://www.canon-europe.com/support/product-security/#news, and https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers. Security practitioners should review these for firmware updates and apply them promptly to vulnerable devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51023
Vulnerability details
Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera…
more
MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-accessible printer firmware processing allows unauthenticated remote exploitation via crafted TIFF data, directly enabling initial access through public-facing application exploitation (T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Applying Canon-provided firmware updates directly remediates the buffer overflow vulnerability in TIFF EXIF tag processing.
Validates incoming TIFF data and EXIF tags to block malformed inputs that trigger the buffer overflow.
Implements memory safeguards like DEP and ASLR to mitigate arbitrary code execution even if the buffer overflow occurs.