Dear Customers,
We would like to thank you for your continued support of FUJIFILM products. We have confirmed a vulnerability that may cause some FUJIFILM printers to freeze when processing an invalid PJL (Printer Job Language) file.
Please refer to the description below for further details and consider applying the fixed firmware.
The printer may freeze when attempting to process an invalid print job file.
The issue arises while the printer writes the loaded data to its buffer memory. The existing firmware logic can fail to verify the length of the data, potentially resulting in a write beyond the designated buffer area if data of an invalid length is received (CWE-787, CVE-2024-45320). This may cause the printer to freeze when attempting to process an invalid print job file.
Please update the firmware to the fixed version.
Please make sure that the PJL files are valid.
If your printer freezes, please reboot it.
CVSS v3: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, Base Score: 6.5
We would like to express our gratitude to Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from the School of Cyber Science and Technology of Beihang University for finding the vulnerability.
Please visit the FUJIFILM Business Innovation support website for more details:

| Affected models | Affected firmware versions | Fixed firmware versions |
|---|---|---|
| DocuPrint CP225w | 01.22.01 or earlier | 01.23.02 or later |
| DocuPrint CP228w | 01.22.01 or earlier | 01.23.02 or later |
| DocuPrint CM225fw | 01.10.01 or earlier | 01.12.02 or later |
| DocuPrint CM228fw | 01.10.01 or earlier | 01.12.02 or later |


