Skip to main content
CVE Vulnerability Database

CVE-2025-7698: Canon Printer Drivers Buffer Overflow Flaw

CVE-2025-7698 is a buffer overflow vulnerability affecting multiple Canon printer drivers during print processing. Attackers can exploit this out-of-bounds read flaw to compromise systems. This article covers technical details, affected versions, impact analysis, and mitigation strategies.

Published:

CVE-2025-7698 Overview

CVE-2025-7698 is an out-of-bounds read vulnerability [CWE-125] affecting multiple Canon printer drivers, including Generic Plus PCL6, Generic Plus UFR II, Generic Plus LIPS4, Generic Plus LIPSLX, Generic Plus PS, UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, and PCL6 Printer Drivers. The flaw resides in print processing logic. An attacker who convinces a user to process a crafted print job can read memory outside intended buffers. Canon disclosed the issue under advisory CP2025-005 and published remediation guidance for affected drivers.

Critical Impact

Successful exploitation can disclose sensitive process memory contents and may contribute to further attack chains that undermine confidentiality on systems running vulnerable Canon printer drivers.

Affected Products

  • Canon Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS Printer Drivers
  • Canon UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, and PCL6 Printer Drivers
  • Windows hosts running any listed Canon driver version prior to the CP2025-005 fixed release

Discovery Timeline

  • 2025-09-29 - CVE-2025-7698 published to the National Vulnerability Database (NVD)
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-7698

Vulnerability Analysis

The vulnerability is an out-of-bounds read in the print processing routines of multiple Canon printer drivers. When the driver parses print job data, it reads beyond the bounds of an allocated buffer. This behavior discloses adjacent memory contents to the calling context. The condition is classified under [CWE-125] Out-of-bounds Read.

The CVSS 4.0 vector indicates a network attack vector with high attack complexity, user interaction required, and passive attack requirements. Confidentiality impact on the vulnerable component is rated high, while integrity is not affected and availability impact is limited. No public proof-of-concept exploit is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is low, reflecting limited near-term exploitation likelihood.

Root Cause

The drivers fail to validate boundary conditions when parsing structured print job data. Missing length or offset checks allow the parser to dereference memory past the end of an allocated buffer. This design flaw permits controlled input to trigger reads outside the intended region, exposing memory contents to the driver's execution context.

Attack Vector

Exploitation requires an attacker to deliver a specially crafted print job or document to a system using an affected Canon driver. A user must process the malicious print data for the out-of-bounds read to occur. Because print jobs can be delivered over the network to shared printer resources, the network attack vector applies, though successful exploitation depends on user action and specific environmental preconditions.

The vulnerability manifests inside the driver's print processing path. See the Canon PSIRT Advisory CP2025-005 for technical details on affected components and fixed versions.

Detection Methods for CVE-2025-7698

Indicators of Compromise

  • Unexpected crashes or exceptions in Canon print driver processes such as those associated with PCL6, UFR II, LIPS4, LIPSLX, or PS spooling components
  • Anomalous print spooler service (spoolsv.exe) memory access errors logged in Windows Event Viewer
  • Unusual or malformed print job files arriving via network-shared printers or print servers

Detection Strategies

  • Inventory endpoints and print servers to identify installed Canon driver versions and compare against the fixed versions listed in Canon's remediation guidance
  • Monitor Windows print subsystem logs for parser errors, access violations, or driver-initiated exceptions during print job processing
  • Alert on unexpected print jobs originating from untrusted network sources or unmanaged endpoints

Monitoring Recommendations

  • Enable detailed logging on print servers and forward events to a centralized log platform for correlation
  • Track process behavior of print spooler and driver host processes for anomalous memory access patterns or unexpected child processes
  • Review network share access logs for repeated or scripted submissions of print jobs against printer queues

How to Mitigate CVE-2025-7698

Immediate Actions Required

  • Identify all endpoints, print servers, and multifunction devices using the affected Canon Generic Plus, UFRII LT, CARPS2, Generic FAX, LIPS, PS, or PCL6 drivers
  • Download and deploy the fixed driver versions published by Canon in advisory CP2025-005
  • Restrict access to shared printer queues so that only authenticated, trusted users can submit print jobs

Patch Information

Canon has published remediation guidance and updated driver packages in advisory CP2025-005. Refer to Canon Vulnerability Response Information, the Canon PSIRT Advisory CP2025-005, Canon Europe Product Security Support, and the Canon USA Remediation for CP2025-005 for fixed driver versions and installation instructions.

Workarounds

  • Limit exposure of print servers and printer shares to untrusted networks using firewall or segmentation controls
  • Require authentication for print job submission and disable anonymous printing where feasible
  • Remove or disable unused Canon driver variants on endpoints that do not require them to reduce the driver attack surface

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.