Canon has issued a high-priority warning for users of its printers, revealing critical vulnerabilities in both printer drivers and device firmware. These flaws could allow attackers to inject malicious code, potentially gaining unauthorized control or rendering devices inoperable.

🛠 What Happened?

In a recent security advisory, Canon disclosed a major vulnerability in specific printer drivers used across production, office, and small office printer lines—including popular laser printer models. The issue involves out-of-bounds memory access when handling EMF (Enhanced Metafile) files, which are typically used for advanced printing tasks.

🔐 CVE-2025-1268

📊 CVSS Score: 9.4 (Critical)

⚠️ Impact: Arbitrary code execution or disrupted printing when triggered by a malicious application

📁 Affected Driver Versions

If you are using any of the following Canon drivers (version 3.12 or earlier), you are at risk:

• Generic Plus PCL6

• UFR II

• LIPS4

• LIPSLX

• PostScript (PS)

Canon has released updated driver versions, which are now available for download on its regional websites.

🔍 Still No Exploit Detection

Despite the severity, Canon has not yet disclosed details on how users or system administrators can detect signs of exploitation or abuse, leaving many in the dark on whether their systems may have already been targeted.

📃 Affected Printer Models

🖨 ImageCLASS MF Series:

MF455DW, MF453DW, MF452DW, MF451DW

MF656CDW, MF654CDW, MF653CDW, MF652CW

MF1238 II, MF1643iF II, MF1643i II

🖨 ImageCLASS LBP Series:

LBP237DW, LBP236DW

LBP632CDW, LBP633CDW

LBP1238 II

🔧 How to Update Your Firmware

For models with a touchscreen:

1. Tap "Update Firmware" on the home screen

2. Agree to the license window to start the update

For models with a black-and-white display:

1. Go to Menu > Management Settings > Remote UI Settings/Update Firmware

2. Choose "Via Internet" and confirm the license window

These updates close the security loopholes and are highly recommended.

📣 Canon's Official Advisory

For technical details and ongoing updates, visit Canon's official security bulletin here: 🔗 https://psirt.canon/advisory-information/cp2025-003

If you're using a Canon printer - especially in a home office or corporate setting - update your drivers and firmware immediately. With critical CVSS scores nearing 10, these vulnerabilities aren't just theoretical: they're a ticking time bomb.

Don't wait for an attack to find you. Patch now. As an additional layer of security users can additionally use driver updaters such as UpdateStar Drivers to keep all drivers up-to-date semi-automatically.