Updated: April 17, 2025

Date: March 28, 2025

Description:

Out-of-bounds vulnerability was found in certain printer drivers for production printers, office/small office multifunction printers and laser printers that may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application.

Affected Printer Drivers:

• Generic Plus PCL6 Printer Driver – V3.12 and earlier
• Generic Plus UFR II Printer Driver - V3.12 and earlier
• Generic Plus LIPS4 Printer Driver - V3.12 and earlier
• Generic Plus LIPSLX Printer Driver - V3.12 and earlier
• Generic Plus PS Printer Driver - V3.12 and earlier
• Generic FAX Printer Driver - V10.65 and earlier

CVE/CVSS:

CVE-2025-1268:

Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Base Score: 9.4

Remediation:

Printer drivers designed to address the issue are available on websites of your local Canon sales representatives. We advise that our customers install the latest printer drivers available.

• Generic Plus PCL6 Printer Driver – V3.15 and higher
• Generic Plus UFR II Printer Driver - V3.15 and higher
• Generic Plus LIPS4 Printer Driver - V3.15 and higher
• Generic Plus LIPSLX Printer Driver - V3.15 and higher
• Generic Plus PS Printer Driver - V3.15 and higher
• Generic FAX Printer Driver - V10.66 and higher

Update History:

• 2025-04-17: Added affected printer drivers (Generic FAX Driver - V10.65 and earlier)
• 2025-03-28: Created

Thank you to Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting this vulnerability.