Vulnerabilities in the PostScript interpreter(CVE-2023-50734, CVE-2023-50735, CVE-2023-50736) and an input validation vulnerability in the SE Menu(CVE-2023-50737) towards Ricoh products

05 Feb 2024

First published: 03:00 pm on February 05, 2024 (2024-02-05T13:00:00+09:00)
Ricoh Company, Ltd.

Ricoh has been identified vulnerabilities in the PostScript interpreter(CVE-2023-50734, CVE-2023-50735, CVE-2023-50736) and an input validation vulnerability in the SE Menu(CVE-2023-50737) towards Ricoh printers.

List 1 below shows the affected printers. Ricoh offers measures detailed in the hyperlinked pages in the list.

CVE-2023-50734：Buffer overflow vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50735：Heap corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50736：Memory corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50737：Vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.

Vulnerability Information ID	ricoh-2024-000001
Version	1.00E
CVE ID(CWE ID)	CVE-2023-50734 (CWE-121) CVE-2023-50735 (CWE-465) CVE-2023-50736 (CWE-131) CVE-2023-50737 (CWE-20)
CVSSv3 score	9.1 CRITICAL

List 1: Ricoh products and services affected by this vulnerability

Product/service	Link to details
M C240FW	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000001
P C200W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000001

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-02-05T13:00:00+09:00 : 1.00E Initial public release

News

Keep up to date

News