CVE-2025-14236
Description
Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
Affected products
24- Range: <=v06.02
- Range: <=v06.02
- Range: <=v06.02
- Canon Inc./1238iF IIv5Range: 06.02 and earlier
- Canon Inc./1238i IIv5Range: 06.02 and earlier
- Canon Inc./1238P IIv5Range: 06.02 and earlier
- Canon Inc./1238Pr IIv5Range: 06.02 and earlier
- Canon Inc./Color imageCLASS LBP630Cv5Range: 06.02 and earlier
- Canon Inc./Color imageCLASS MF650C Seriesv5Range: 06.02 and earlier
- Canon Inc./imageCLASS LBP230 Seriesv5Range: 06.02 and earlier
- Canon Inc./imageCLASS MF450 Seriesv5Range: 06.02 and earlier
- Canon Inc./imageCLASS X LBP1238 IIv5Range: 06.02 and earlier
- Canon Inc./imageCLASS X MF1238 IIv5Range: 06.02 and earlier
- Canon Inc./imageCLASS X MF1643iF IIv5Range: 06.02 and earlier
- Canon Inc./imageCLASS X MF1643i IIv5Range: 06.02 and earlier
- Canon Inc./imageRUNNER 1643iF IIv5Range: 06.02 and earlier
- Canon Inc./imageRUNNER 1643i IIv5Range: 06.02 and earlier
- Canon Inc./i-SENSYS LBP230 Seriesv5Range: 06.02 and earlier
- Canon Inc./i-SENSYS LBP630C Seriesv5Range: 06.02 and earlier
- Canon Inc./i-SENSYS MF450 Seriesv5Range: 06.02 and earlier
- Canon Inc./i-SENSYS MF550 Seriesv5Range: 06.02 and earlier
- Canon Inc./i-SENSYS MF650C Seriesv5Range: 06.02 and earlier
- Canon Inc./Satera LBP670C Seriesv5Range: 06.02 and earlier
- Canon Inc./Satera MF750C Seriesv5Range: 06.02 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- canon.jp/support/support-info/260115vulnerability-responsemitrevendor-advisory
- psirt.canon/advisory-information/cp2026-001/mitrevendor-advisory
- www.canon-europe.com/support/product-security/mitrevendor-advisory
- www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printersmitrevendor-advisory
News mentions
1- ZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution VulnerabilityZero Day Initiative · Mar 16, 2026