PT-2026-3187 · Canon · 1238I Ii+20
Published
2026-01-15
·
Updated
2026-03-16
·
CVE-2025-14232
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Satera LBP670C Series/Satera MF750C Series versions v06.02 and earlier
Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II versions v06.02 and earlier
i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II versions v06.02 and earlier
Description
A buffer overflow exists in the XML processing of XPS files within Small Office Multifunction Printers and Laser Printers. This issue could allow a network attacker to cause the product to become unresponsive or to execute arbitrary code.
Recommendations
Satera LBP670C Series/Satera MF750C Series versions prior to v06.02 should be updated.
Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II versions prior to v06.02 should be updated.
i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II versions prior to v06.02 should be updated.
Fix
RCE
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
1238P Ii
1238Pr Ii
1238I Ii
1238If Ii
Color Imageclass Lbp630C
Color Imageclass Mf650C Series
Satera Lbp670C Series
Satera Mf750C Series
I-Sensys Lbp230 Series
I-Sensys Lbp630C Series
I-Sensys Mf450 Series
I-Sensys Mf550 Series
I-Sensys Mf650C Series
Imageclass Lbp230 Series
Imageclass Mf450 Series
Imageclass X Lbp1238 Ii
Imageclass X Mf1238 Ii
Imageclass X Mf1643I Ii
Imageclass X Mf1643If Ii
Imagerunner 1643I Ii
Imagerunner 1643If Ii