HP Universal Print Driver Series (PCL 6 and PostScript) - Potential Security Vulnerabilities

Created on 2025-02-14 16:37 and updated on 2025-02-14 16:37.

Description

CVE	CVSS	Level	CVSS String	library
CVE-2017-12652	9.8	Critical	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	libpng	Arbitrary Code Execution
CVE-2022-2068	9.8	Critical	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	OpenSSL	Arbitrary Code Execution
CVE-2023-45853	9.8	Critical	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	zlib	Information Disclosure
CVE-2020-14152	7.1	High	CVSS:3.1/AF4AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H	libjpeg	Denial of Service

Resolution

Update your version of the HP Universal Print Driver Series.

HP has provided updates to the HP Universal Print Driver Series. To obtain the updated version, go to www.hp.com/go/UPD.

https://support.hp.com/us-en/document/ish_11892982-11893015-16/hpsbpi03995

Vulnerabilities included in this bundle

CVE-2022-2068: The c_rehash script allows command injection
CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 ...
CVE-2017-12652: libpng before 1.6.32 does not properly check the length of chunks against the user limit.
CVE-2020-14152: In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use se...

Author

Alexandre Dulaunoy

Combined sightings

Author	Vulnerability	Source	Type	Date
automation	CVE-2023-45853	https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09	seen	1 month ago