CVE-2025-14235

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.3CRITICAL

EPSS

0.1%

top 79.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canon Lbp1238 II Firmware Canon Lbp236dw Firmware Canon Lbp237dw Firmware +34 more

Timeline

PublishedJan 16

Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF164…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages37 packages

▶CVEListV5canon_inc./color_imageclass_mf650c_series06.02 and earlier

▶CVEListV5canon_inc./imageclass_mf450_series06.02 and earlier

▶CVEListV5canon_inc./imageclass_lbp230_series06.02 and earlier

▶CVEListV5canon_inc./i-sensys_mf450_series06.02 and earlier

▶CVEListV5canon_inc./i-sensys_lbp230_series06.02 and earlier

🔴Vulnerability Details

GHSA

GHSA-wcv5-68f6-32pr: Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the netwo↗2026-01-16

▶

CVEList

CVE-2025-14235: Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the netwo↗2026-01-15

▶