#VU104103 Out-of-bounds write in FUJIFILM Business Innovation products - CVE-2024-45320

Cybersecurity Help s.r.o.

Published: 2025-02-20

Vulnerability identifier: #VU104103

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-45320

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
DocuPrint CP225w
Hardware solutions / Office equipment, IP-phones, print servers
DocuPrint CP228w
Hardware solutions / Office equipment, IP-phones, print servers
DocuPrint CM225fw
Hardware solutions / Office equipment, IP-phones, print servers
DocuPrint CM228fw
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: FUJIFILM Business Innovation

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker on the local network can use a specially crafted printer job file, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DocuPrint CP225w: 01.22.01

DocuPrint CP228w: 01.22.01

DocuPrint CM225fw: 01.10.01

DocuPrint CM228fw: 01.10.01

External links
https://jvn.jp/en/vu/JVNVU96297631/
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0217_announce.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in FUJIFILM Business Innovation MFPs