CVE-2024-12649
Published: 28 January 2025
Summary
CVE-2024-12649 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Canon Mf455Dw Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-12649 is a buffer overflow vulnerability (CWE-787) in the XPS data font processing component of specific Canon Small Office Multifunction Printers and Laser Printers. Affected products include Satera MF656Cdw and MF654Cdw with firmware v05.04 and earlier sold in Japan; Color imageCLASS MF656Cdw, MF654Cdw, MF653Cdw, MF652Cdw, LBP633Cdw, and LBP632Cdw with firmware v05.04 and earlier sold in the US; and i-SENSYS MF657Cdw, MF655Cdw, MF651Cdw, LBP633Cdw, and LBP631Cdw with firmware v05.04 and earlier sold in Europe.
The vulnerability can be exploited by an unauthenticated attacker on the same network segment with low complexity and no user interaction required. Successful exploitation may cause the affected printer to become unresponsive (denial of service) or allow execution of arbitrary code, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflecting critical severity across confidentiality, integrity, and availability impacts.
Canon advisories, such as PSIRT advisory CP2025-001 and regional support notices from Japan, Europe, and the US, detail vulnerability responses and measures against this buffer overflow in laser printers and small office multifunction printers. Security practitioners should consult these resources for patching instructions and firmware updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51024
Vulnerability details
Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw…
more
firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-exposed XPS font processing component of printers enables unauthenticated remote code execution or DoS with no user interaction, directly mapping to exploitation of public-facing applications/services.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Vendor firmware updates directly remediate the buffer overflow vulnerability in XPS data font processing on affected Canon printers.
Boundary protection via firewalls and network segmentation prevents unauthenticated network segment attackers from reaching the vulnerable printer service.
Memory protection mechanisms such as non-executable data areas mitigate arbitrary code execution from buffer overflow exploitation.