CVE-2025-9904
BaseFortify
Publication date: 2025-09-29
Last updated on: 2026-03-16
Assigner: Canon Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canon | generic_plus_lips4_printer_driver | 3.31 |
| canon | generic_plus_lipslx_printer_driver | 3.31 |
| canon | generic_plus_ps3_printer_driver | 3.31 |
| canon | generic_plus_pcl6_printer_driver | 3.31 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-696 | The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability does not impact confidentiality or integrity of data, only availability. Therefore, it is unlikely to directly affect compliance with standards like GDPR or HIPAA, which focus heavily on data protection and privacy.
Can you explain this vulnerability to me?
This vulnerability involves unallocated memory access during the print processing of several Generic Plus printer drivers, including PCL6, UFR II, LIPS4, LIPSLX, and PS printer drivers. This means the printer drivers may improperly access memory that has not been allocated, potentially leading to unexpected behavior or crashes.
How can this vulnerability impact me? :
The vulnerability can impact you by causing denial of service or disruption in printing services due to the unallocated memory access. Since the CVSS indicates no confidentiality or integrity impact but an availability impact, it primarily affects the availability of printing functions.