CVE-2024-9419

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.1 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_11505949-11505972-16	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-30 18:15

Updated : 2026-01-26 18:00

NVD link : CVE-2024-9419

Mitre link : CVE-2024-9419

CVE.ORG link : CVE-2024-9419

JSON object : View

Products Affected

hp

smart_universal_printing_driver

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-9419", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-30T18:15:08.260", "references": [{"url": "https://support.hp.com/us-en/document/ish_11505949-11505972-16", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC."}, {"lang": "es", "value": "Los equipos cliente/servidor con el controlador de impresi\u00f3n universal inteligente de HP instalado son potencialmente vulnerables a la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios. Un cliente que utilice el controlador de impresi\u00f3n universal inteligente de HP que env\u00ede un trabajo de impresi\u00f3n compuesto por un archivo XPS malicioso podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios en el equipo."}], "lastModified": "2026-01-26T18:00:18.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67B0E9E3-F3CD-44CF-B115-A61FBE24D5B7", "versionEndExcluding": "4.07.1.3204"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}