CVE-2025-14237

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-14237
Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://canon.jp/support/support-info/260115vulnerability-response Vendor Advisory
https://psirt.canon/advisory-information/cp2026-001/ Vendor Advisory
https://www.canon-europe.com/support/product-security/ Vendor Advisory
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:canon:mf455dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf455dw:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:canon:mf453dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf453dw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:canon:mf452dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf452dw:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:canon:mf451dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf451dw:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:canon:mf654cdw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf654cdw:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:canon:mf656cdw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf656cdw:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:canon:mf653cdw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf653cdw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:canon:mf652cw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf652cdw:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:canon:mf1238_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf1238_ii:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:canon:mf1643if_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf1643if_ii:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:canon:mf1643i_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:mf1643i_ii:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:canon:lbp237dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:lbp237dw:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:canon:lbp236dw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:lbp236dw:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:canon:lbp633cdw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:lbp633cdw:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:canon:lbp632cdw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:lbp632cdw:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:canon:lbp1238_ii_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:canon:lbp1238_ii:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2026-01-16 00:16

Updated : 2026-01-26 15:11

NVD link : CVE-2025-14237

Mitre link : CVE-2025-14237

CVE.ORG link : CVE-2025-14237

JSON object : View

Products Affected

canon

  • mf653cdw
  • lbp633cdw
  • mf451dw
  • mf652cdw
  • lbp237dw
  • lbp237dw_firmware
  • mf654cdw
  • mf455dw
  • mf453dw
  • mf652cw_firmware
  • lbp632cdw
  • lbp1238_ii_firmware
  • lbp1238_ii
  • mf1643if_ii
  • lbp633cdw_firmware
  • mf653cdw_firmware
  • mf654cdw_firmware
  • lbp236dw_firmware
  • mf451dw_firmware
  • mf452dw
  • mf1643i_ii
  • mf1643i_ii_firmware
  • mf656cdw_firmware
  • mf656cdw
  • mf1238_ii_firmware
  • lbp236dw
  • lbp632cdw_firmware
  • mf452dw_firmware
  • mf455dw_firmware
  • mf1238_ii
  • mf1643if_ii_firmware
  • mf453dw_firmware
CWE
CWE-787

Out-of-bounds Write