PT-2019-13599 · Ricoh · Ricoh Sp C250Dn+1

Published

2019-08-26

·

Updated

2019-09-13

·

CVE-2019-14308

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Ricoh SP C250DN firmware versions up to 1.06 Ricoh SP C250SF firmware versions up to 1.12
Description The issue affects several Ricoh printer models, including the SP C250DN and SP C250SF, due to buffer overflows when parsing LPD packets. This can lead to a denial of service or code execution if an attacker sends crafted requests to the LPD service.
Recommendations For Ricoh SP C250DN firmware versions up to 1.06, update the firmware to a version later than 1.06. For Ricoh SP C250SF firmware versions up to 1.12, update the firmware to a version later than 1.12. As a temporary workaround, consider restricting access to the LPD service until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-14308

Affected Products

Ricoh Sp C250Dn
Ricoh Sp C250Sf