Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code

The Microsoft Offensive Research and Security Engineering (MORSE) team has identified a crucial security vulnerability within a range of Canon printer drivers, threatening users across various sectors. This vulnerability could reportedly allow malicious actors to compromise printing operations and, in severe cases, execute arbitrary code on affected systems.

The Issue

The issue’s core lies within the EMF Recode processing, a critical component of several Canon printer drivers. Researchers at MORSE determined that earlier versions, specifically 3.12 and prior, of the Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS printer drivers are susceptible to an out-of-bounds vulnerability.

The Common Vulnerability Scoring System (CVSS) v3.1 has assigned this vulnerability, tracked as CVE-2025-1268, a base score of 9.4, indicating a high-severity risk, given its low attack complexity, the absence of required privileges or user interaction, and the potential for high-impact compromise of confidentiality.

The Out-of-Bounds Vulnerability

This flaw occurs when a program attempts to access memory outside of an assigned buffer, creating an opening for attackers to inject and execute malicious code. It essentially allows for memory corruption during EMF Recode processing, which malicious applications can leverage to insert and execute their own code.

This vulnerability is particularly concerning due to its potential use in “Bring Your Own Vulnerable Driver” (BYOVD) attacks, a technique increasingly favoured by threat actors to gain elevated privileges and bypass security measures. BYOVD attacks exploit legitimate, yet vulnerable, drivers to execute malicious code, making this Canon driver flaw a serious risk.

The affected drivers are used in a variety of Canon printers, including production models, office and home-office multifunction printers, and laser printers. If a malicious application processes a print job through these vulnerable drivers, attackers could gain unauthorized access, disrupting print job failures or, more critically, executing code that could lead to data breaches or system control.

Canon’s Remediation and User Recommendations

Canon has acknowledged the issue and has committed to releasing updated printer drivers to address it. These patches will be made available through the websites of local Canon sales representatives. Users are strongly advised to promptly download and install the latest versions of these drivers to mitigate the risk of exploitation. Implementing network segmentation to isolate critical systems and deploying Endpoint Detection and Response (EDR) solutions to monitor endpoint activity are also strongly recommended.