VYPR
Unrated severity · NVD Advisory · Published Aug 26, 2019 · Updated Aug 5, 2024

CVE-2019-14300

Description

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in HTTP cookie parsing on multiple Ricoh printers allows remote unauthenticated attackers to cause DoS or execute arbitrary code.

Vulnerability

A buffer overflow vulnerability exists in the parsing of HTTP cookie headers in the web server of multiple Ricoh printers and multifunction printers (MFPs). Affected models include SP C250dn (firmware up to 1.06), SP C252dn, SP C250sf (firmware up to 1.12), and SP C252sf. The issue is classified as CWE-119 (buffer overflow) [1].

Exploitation

An unauthenticated attacker can exploit this vulnerability over the network by sending a crafted HTTP request with an overly long cookie header to the printer's web server. No authentication or user interaction is required [1].

Impact

Successful exploitation can lead to denial of service or arbitrary code execution. The CVSS v3 base score is 9.8, indicating critical severity. The attacker gains full control of the affected device with the privileges of the web server [1].

Mitigation

The vendor recommends updating the printer firmware to the latest version. Specific firmware updates are provided by Ricoh; users should consult the official support page for their device [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

3
