Advisory

Canon patches critical printer driver vulnerability

Take action: This is a weird one. On one hand, exploitation of a vulnerable driver is not common. On the other hand, if an attacker gets control of your computer and finds the vulnerable driver, they will exploit it. It's not a panic mode patch, but it's wise to update regularly.


Learn More

Canon is reporting a critical vulnerability discovered in several printer drivers. This security issue affects a wide range of Canon printing devices, including production printers, office/small office multifunction printers, and laser printers.

The vulnerability, tracked as CVE-2025-1268 (CVSS score 9.4), is an out-of-bounds vulnerability in the EMF Recode processing of multiple Generic Plus printer drivers. This security issue may prevent printing and potentially allows execution of arbitrary code when a print job is processed by a malicious application.

The following Canon printer drivers are affected by this vulnerability:

  • Generic Plus PCL6 Printer Driver - V3.12 and earlier
  • Generic Plus LIPS4 Printer Driver - V3.12 and earlier
  • Generic Plus LIPSLX Printer Driver - V3.12 and earlier
  • Generic Plus PS Printer Driver - V3.12 and earlier
  • Generic Plus UFR II Printer Driver - V3.12 and earlier

These drivers are commonly used across a wide variety of Canon printer models in both home and office environments.
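To find which machines fall in the affected range, the list above can be applied to a driver inventory export. The following is an added example, not Canon's tooling: the CSV column names, the host names and the `V<major>.<minor>` version format are assumptions about your asset tool, and the sample rows are constructed.

```python
import csv
import io
import re

# Driver families and last affected version, taken from the advisory list.
AFFECTED_FAMILIES = ("PCL6", "LIPS4", "LIPSLX", "PS", "UFR II")
LAST_AFFECTED = (3, 12)

# Constructed sample inventory (assumed export format, not real hosts).
SAMPLE_INVENTORY = """host,driver_name,driver_version
ws-001,Canon Generic Plus PCL6,V3.12
ws-002,Canon Generic Plus UFR II Printer Driver,V2.90
ws-003,Canon Generic Plus PS,v3.20
ws-004,Canon Generic Plus LIPSLX,V3.00
ws-005,Some Other PS Driver,V1.0
ws-006,Canon Generic Plus LIPS4,unknown
"""

# Captures the family name that follows "Generic Plus" in a driver name.
NAME_RE = re.compile(r"Generic Plus\s+(.+?)\s*(?:Printer Driver)?\s*$", re.I)
VERSION_RE = re.compile(r"[vV]?(\d+)\.(\d+)")


def classify(name, version):
    """Return 'affected', 'not-affected', 'review' or 'not-listed'."""
    m = NAME_RE.search(name)
    if not m or m.group(1).upper() not in AFFECTED_FAMILIES:
        return "not-listed"
    v = VERSION_RE.fullmatch(version.strip())
    if not v:
        # A listed driver with an unreadable version is checked by hand
        # rather than silently treated as patched.
        return "review"
    # Compare numerically per component, not as strings.
    installed = (int(v.group(1)), int(v.group(2)))
    return "affected" if installed <= LAST_AFFECTED else "not-affected"


def audit(csv_text):
    """Classify every row of an inventory CSV; returns (host, status) pairs."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], classify(r["driver_name"], r["driver_version"]))
            for r in rows]


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```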

The frequency of exploitation is considered extremely low, and there have been no confirmed cases of this vulnerability being actively exploited in the wild.

Canon has issued updated printer drivers to address this vulnerability. The company strongly recommends that all customers take the following action:

  1. Check the websites of your local Canon sales representatives for the latest printer driver versions
  2. Install the updated drivers as soon as they become available