/Contact-Support/Product-Advisories/2025-APR-3-PrintDriverVulnerabilityRemediation.html
Service Notice: Vulnerability Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Description:
Out-of-bounds vulnerability was found in certain printer drivers for production printers, office/small office multifunction printers and laser printers that may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application.
Affected Printer Drivers:
- Generic Plus PCL6 Printer Driver – V3.12 and earlier
- Generic Plus LIPS4 Printer Driver – V3.12 and earlier
- Generic Plus LIPSLX Printer Driver – V3.12 and earlier
- Generic Plus PS Printer Driver – V3.12 and earlier
- Generic Plus UFR II Printer Driver – V3.12 and earlier
- Generic FAX Printer Driver – V10.65 and earlier
- UFRII LT Printer Driver – V30.88 and earlier
CVE/CVSS:
CVE-2025-1268:
Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic Plus UFR II Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Base Score: 9.4
Remediation:
Please check the websites of your local Canon sales representatives for the latest printer driver. We advise that our customers install the latest printer drivers available.
- Generic Plus PCL6 Printer Driver – V3.15 and higher
- Generic Plus UFR II Printer Driver – V3.15 and higher
- Generic Plus LIPS4 Printer Driver – V3.15 and higher
- Generic Plus LIPSLX Printer Driver – V3.15 and higher
- Generic Plus PS Printer Driver – V3.15 and higher
- Generic FAX Printer Driver – V10.66 and higher
- UFRII LT Printer Driver – V31.05 and higher
Update History:
- 2025-05-09: Added affected printer drivers (UFRII LT Printer Driver - V30.88 and earlier)
- 2025-04-23: Added affected printer drivers (Generic FAX Driver - V10.65 and earlier)
- 2025-04-03: Created
Thank you to Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting this vulnerability.