Product Advisories

Print This PageEmail This Page

Service Notice: Regarding Vulnerability Measure Against Buffer Overflow for Laser Printers and Small Office Multifunctional Printers

Thank you for using Canon products.

Canon U.S.A., Inc. has recently become aware of potential multiple buffer overflow vulnerabilities in the Canon Laser Printers and Small Office Multifunctional Printers listed under Affected models below. If the product is connected directly to the internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code, or the product could be subjected to a Denial-of-Service (DoS) attack. Below are the associated CVE numbers.

Buffer Overflow
• CVE-2023-6229
• CVE-2023-6230
• CVE-2023-6231
• CVE-2023-6232
• CVE-2023-6233
• CVE-2023-6234
• CVE-2024-0244*

Affected Products

imageCLASS MF Series
Color imageCLASS MF753Cdw**
Color imageCLASS MF751Cdw**
Color imageCLASS X MF1333C

imageCLASS LBP Series
Color imageCLASS LBP674Cdw**
Color imageCLASS X LBP1333C

* CVE-2024-0244 is currently resolved for the Color imageCLASS MF753Cdw and Color imageCLASS X MF1333C.
** Download available only on usa.canon.com.

Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.

Support
Please click your product from the list above or proceed to https://www.cla.canon.com/cla/en/support or click on the Affected model link above to navigate to the latest firmware. Once here, select Firmware and download and install the latest version.

Furthermore, if you have not done so already, we recommend that you set up a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.

In addition, please check “Securing products when connecting to a network” in the URL below for other security measures that can be used with your Canon products.

https://www.cla.canon.com/en_US/app/pdf/message-to-our-customers/Connecting-To-Network-Securely.pdf

Contact Information
Should you have any questions about the announcement, please contact the Authorized Service Facility in your area or you may contact the Call Center within your region.