Buffer overflow in Hp 1dt61a
CVE-2018-5925
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
Vulnerability class: Buffer Overflow
EPSS: 0.109 (95.3rd percentile).
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Hp 1dt61a
- Hp 1dt61a_firmware — versions 1828a
- Hp 1jl02a
- Hp 1jl02a_firmware — versions 1829a
- Hp 1jl02b
- Hp 1jl02b_firmware — versions 1829a
- Hp 1sh08
- Hp 1sh08_firmware — versions 1828a
- Hp 2nd31a
- Hp 2nd31a_firmware — versions 1828b
Frequently asked questions
- What is CVE-2018-5925?
- CVE-2018-5925 is a high-severity vulnerability in Hp 1dt61a, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2018-08-13.
- How severe is CVE-2018-5925?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2018-5925 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.