Lexmark Scan To Network Information Disclosure Vulnerability

Lexmark Scan to Network = 3.2.9 is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX ...

CVE-2017-2822

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A...

Design/Logic Flaw

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A...

CVE-2017-2821

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution...

CVE-2017-2822

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A...

CVE-2017-2822

The connected reports detail CVE-2017-2822 as a code execution vulnerability in Lexmark Perceptive Document Filters 11.3.0.2400, caused by a fault in DCTStream::getBlock() that can copy user-controlled data onto the stack. Specifically, IGRStream::blockBuf and blockBufEnd are user-controlled, ena...

CVE-2017-2821

The CVE-2017-2821 issue affects Lexmark Perceptive Document Filters (SDK) 11.3.0.2400 and 11.4.0.2452. A use-after-free in the PDF parsing path is triggered through the GfxFont/TextFontInfo flow (Xpdf/Poppler-based code) when processing PostScript/PDF data, allowing an attacker to corrupt heap an...

Lexmark Scan To Network Information Disclosure Vulnerability

Lexmark Scan To Network SNF is a suite of embedded printer applications from Lexmark, USA. A security vulnerability exists in Lexmark SNF 3.2.9 and earlier versions, which arises from the program storing a network configuration certificate in plaintext and being able to transmit the certificate...

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure Vulnerability

Lexmark Scan to Network SNF printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and...

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure

Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and technologies that help customers worldwide print, secure and manage information with ease, efficiency and unmatched value...

Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

OverviewTalos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in...

Lexmark LibISYSpdf Image Rendering DCTStream::getBlock() Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack....

Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability

Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability Summary An exploitable use-after-free exists in the PDF parsing functionality of the Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in dire...

Deep dive in Lexmark Perceptive Document Filters Exploitation

This post authored by Marcin Noga with contributions from Nick BiasiniIntroductionTalos discovers and releases software vulnerabilities on a regular basis. We don't always publish a deep technical analysis of how the vulnerability was discovered or its potential impact. This blog will cover these...

CVE-2017-2806

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400...

CVE-2017-2806

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400...

Design/Logic Flaw

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400...

CVE-2017-2806

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400...

CVE-2017-2806

CVE-2017-2806 details (normal mode). The Lexmark Perceptive Document Filters XLS parsing code is vulnerable to an arbitrary memory read through the Hyperlink object parsing path. An attacker-supplied XLS file can cause the library to read past intended buffers via a two-field string structure (di...

Flaws Found in Popular Printer Models

Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...