JVNDB-2025-014642

[Japanese]
JVNDB-2025-014642
Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Overview
Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below. Out-of-bounds read (CWE-125) - CVE-2025-7698 Out-of-bounds write (CWE-787) - CVE-2025-9903 Reference to unallocated memory (CWE-696) - CVE-2025-9904 Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Canon Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 5.9 (Medium) [Other] Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: Low The above CVSS base scores have been assigned for CVE-2025-7698
CVSS V3 Severity: Base Metrics:5.9 (Medium) [Other] Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: Low The above CVSS base scores have been assigned for CVE-2025-9903
CVSS V3 Severity: Base Metrics:5.3 (Medium) [Other] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: Low The above CVSS base scores have been assigned for CVE-2025-9904
Affected Products

Canon (multiple product)
For details on the affected products and versions, refer to the vendor advisory.
Impact
If a malicious application invokes the affected drivers, an unauthenticated attacker may cause a denial-of-service (DoS) condition and/or out-of-bounds memory access.
Solution
[Update the printer driver] Update the printer driver to the latest version according to the vendor advisory.
Vendor Information
Canon Canon Europe : CPE2025-005 Vulnerabilities Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers Canon Inc. : CP2025-005 Vulnerabilities Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers Canon USA : CP2025-005 Vulnerabilities Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
CWE (What is CWE?)
Out-of-bounds Read(CWE-125) [Other] Incorrect Behavior Order(CWE-696) [Other] Out-of-bounds Write(CWE-787) [Other]
CVE (What is CVE?)
CVE-2025-7698 CVE-2025-9903 CVE-2025-9904
References
JVN : JVNVU#93104961
Revision History
[2025/09/30] Web page was published


Date Public	2025/09/29
Date First Published	2025/09/30
Date Last Updated	2025/09/30

Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers