Notification of vulnerability in the Print Job Language File Processing for FUJIFILM printers

February 17th, 2025

Dear Customers,

We would like to thank you for your continued support of FUJIFILM products. We have confirmed a vulnerability that may cause some FUJIFILM printers to freeze when processing an invalid PJL (Printer Job Language) file.

Please refer to the description below for further details and consider applying the fixed firmware.

Description

The printer may freeze when attempting to process an invalid print job file.

The issue arises while the loaded data is being written to the buffer memory on the printer. The existing firmware logic can fail to verify the length of the data, so data of an invalid length may be written beyond the designated buffer area (CWE-787, CVE-2024-45320). This may cause the printer to freeze when it attempts to process an invalid print job file.

Countermeasure

Please update the firmware to the fixed version.

Workarounds

Please make sure that the PJL files are valid.
If your printer freezes, please reboot it.

Related Information

CVE-2024-45320
CWE-787
CVSS v3: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (Base Score: 6.5)

Acknowledgements

We would like to express our gratitude to Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from the School of Cyber Science and Technology of Beihang University for finding the vulnerability.

Contact

Please visit the FUJIFILM Business Innovation support website for more details:
https://support-fb.fujifilm.com/

Affected Models and Versions and Fixed Firmware Versions

Affected models   | Affected firmware versions | Fixed firmware versions
------------------|----------------------------|------------------------
DocuPrint CP225w  | 01.22.01 or earlier        | 01.23.02 or later
DocuPrint CP228w  | 01.22.01 or earlier        | 01.23.02 or later
DocuPrint CM225fw | 01.10.01 or earlier        | 01.12.02 or later
DocuPrint CM228fw | 01.10.01 or earlier        | 01.12.02 or later
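
For administrators checking a fleet against the table above, the following is an added example and not FUJIFILM's code. It assumes firmware versions are reported in the three-part dotted form shown in the table; the host names and inventory rows are constructed sample data, and versions that fall between the "or earlier" and "or later" bounds are reported as undetermined because the advisory does not classify them.

```python
# Added example: classify printers against the advisory's version table.
# model -> (last affected version, first fixed version), copied from the table.
ADVISORY = {
    "DocuPrint CP225w": ("01.22.01", "01.23.02"),
    "DocuPrint CP228w": ("01.22.01", "01.23.02"),
    "DocuPrint CM225fw": ("01.10.01", "01.12.02"),
    "DocuPrint CM228fw": ("01.10.01", "01.12.02"),
}

def parse_version(text):
    """Turn '01.22.01' into (1, 22, 1) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version format: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, version):
    """Return 'affected', 'fixed', 'undetermined' or 'not-listed'."""
    bounds = ADVISORY.get(model.strip())
    if bounds is None:
        return "not-listed"          # model is not named in the advisory
    try:
        v = parse_version(version)
    except ValueError:
        return "undetermined"        # version string could not be read
    last_affected, first_fixed = (parse_version(b) for b in bounds)
    if v <= last_affected:
        return "affected"
    if v >= first_fixed:
        return "fixed"
    return "undetermined"            # between the bounds; advisory is silent

# Constructed sample inventory: (host, model, reported firmware version).
SAMPLE_INVENTORY = [
    ("prn-floor1", "DocuPrint CP225w", "01.22.01"),
    ("prn-floor2", "DocuPrint CP228w", "01.23.02"),
    ("prn-lab", "DocuPrint CM225fw", "01.11.00"),
    ("prn-front", "DocuPrint CM228fw", "01.9.05"),
    ("prn-other", "Example Model X", "02.00.00"),
]

def report(inventory):
    """Attach a classification to every inventory row."""
    return [(h, m, v, classify(m, v)) for h, m, v in inventory]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY):
        print("{:<12} {:<18} {:<9} {}".format(*row))
```
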