HP has confirmed that a large number of its printer models are vulnerable to a new "Critical" buffer overflow bug with a CVSS score of 9.3. The vulnerability has been assigned the ID "CVE-2021-39238", and HP describes it as follows:
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed products may be vulnerable to potential buffer overflow.
A buffer overflow, or buffer overrun, happens when more data is written to a memory buffer than it is capable of handling. This can lead to malfunctions and system crashes. However, attackers and threat actors can also exploit the vulnerability to gain access to systems.
Fortunately, HP has already issued a firmware update for all potentially vulnerable devices that it discovered. Here's how you can obtain the patched firmware for your device:
Go to the HP Software and Driver Downloads page, and then search for your printer model.
NOTE: Some FutureSmart printers may have multiple available firmware platforms - FutureSmart 3 (FS3), FutureSmart 4 (FS4), or FutureSmart 5 (FS5). Select the appropriate firmware version for the applicable FutureSmart platform.
If you are wondering whether your printer is also vulnerable, head over to this official security bulletin page where HP has provided a helpful table showing all the vulnerable models alongside their patched firmware versions. Click on the "Affected products" dropdown to view this table.
via BleepingComputer