JVNDB-2026-001380

Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers

Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below.

• Out-of-bounds write (CWE-787) - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237
• Release of invalid pointer or reference (CWE-763) - CVE-2025-14233

Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

A wide range of products and versions are affected.
For more information, refer to "Vendor Information" section below.

Canon

• (multiple product)

A remote attacker may execute arbitrary code and/or cause a denial-of-service (DoS) condition.

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Apply the Workaround]
Apply the following workarounds to prevent access from untrusted entities.

• Use the product within a network protected by a firewall
• Use the product with a private IP address

Canon

• Canon Europe : CPE2026-001 – Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers
• Canon Inc. : CP2026-001 Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers
• Canon USA : Service Notice: Regarding Remediation Measure Against Potential Buffer Overflow Vulnerability in Laser Printers and Small Office Multifunctional Printers

1. Release of Invalid Pointer or Reference(CWE-763) [Other]
2. Out-of-bounds Write(CWE-787) [Other]

1. CVE-2025-14231
2. CVE-2025-14232
3. CVE-2025-14233
4. CVE-2025-14234
5. CVE-2025-14235
6. CVE-2025-14236
7. CVE-2025-14237

1. JVN : JVNVU#99107852

• [2026/01/19]
    Web page was published