According to an
advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability.
The security hole is tracked as CVE-2025-1268 and it has a CVSS severity score of 9.4. The flaw impacts the EMF recode processing of Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS printer drivers, specifically versions 3.12 and earlier.
Canon told users that exploitation of the vulnerability can allow an attacker to prevent printing or potentially execute arbitrary code “when the print is processed by a malicious application”.
Microsoft’s Offensive Research and Security Engineering (MORSE) team has been credited for responsibly disclosing the vulnerability.
Users have been advised to check Canon websites for patched versions of the vulnerable printer drivers.
