First published: Mon Aug 26 2019
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ricoh SP C250SF | <1.13 | |
Ricoh SP C250SF Firmware | | |
Ricoh SP C252sf Firmware | <1.13 | |
Ricoh SP C252sf Firmware | | |
Ricoh SP C250dn Firmware | <1.07 | |
Ricoh Sp C250sf | | |
Ricoh SP C252dn Firmware | <1.07 | |
Ricoh SP C252dn Firmware | | |
CVE-2019-14308 is a vulnerability that exists in several Ricoh printers, allowing an attacker to cause a denial of service or execute arbitrary code through crafted requests to the LPD service.
The vulnerability affects Ricoh printers running the following firmware: Ricoh SP C250sf and SP C252sf firmware earlier than version 1.13, and Ricoh SP C250dn and SP C252dn firmware earlier than version 1.07.
CVE-2019-14308 is classified as a critical vulnerability with a severity rating of 9.8.
An attacker can exploit CVE-2019-14308 by sending crafted requests to the LPD service on the affected Ricoh printers, causing a denial of service or executing arbitrary code.
To protect your Ricoh printer from CVE-2019-14308, update the firmware to the latest version available from the Ricoh support and download page.