Lexmark, a manufacturer of corporate printers, has once again warned its users of critical vulnerabilities. The firmware of dozens of its models contains four vulnerabilities with a CVSSv3 score of 9.0, one with 8.5 and one with 8.0 out of 10. Users should update the firmware accordingly.
A few weeks ago, Lexmark already had to ask many of its users to update the firmware on many of its printers. Now there is again a large number of dangerous vulnerabilities. The update is recommended for companies and administrators because the CVSSv3 scores are 9.0 out of 10 in four cases, which is considered critical. The other vulnerabilities score 8.5 and 8.0 and are classified as highly dangerous.
- Postscript buffer overflow (type confusion) (CVE-2023-26063)
  A security vulnerability has been discovered in the Postscript interpreter of various Lexmark devices.
- Postscript buffer overflow (write out of bounds) (CVE-2023-26064)
  A security vulnerability in the Postscript interpreter has been found in various Lexmark devices.
- Postscript buffer overflow (integer overflow) (CVE-2023-26065)
  A security vulnerability in the Postscript interpreter has been found in various Lexmark devices.
- Postscript buffer overflow (improper stack validation) (CVE-2023-26066)
  A security vulnerability in the Postscript interpreter has been found in various Lexmark devices.
- Vulnerability in input validation (CVE-2023-26067)
  An input validation vulnerability that could allow an attacker who has already compromised an affected Lexmark device to escalate their privileges.
Very long device lists
The lists of devices affected by the vulnerabilities are long. Some contain dozens of devices, others more than a hundred models. Unfortunately, the manufacturer only lists the devices within the PDF file for each vulnerability. To be on the safe side, you should search these lists for your models.
More at Lexmark.com