Notice on potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards Ricoh products and services

22 Jan 2024

Last updated: 03:00 pm on January 22, 2024 (2024-01-22T13:00:00+09:00)
First published: 09:00 pm on September 29, 2023 (2023-09-29T20:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx"(CVE-2023-4863/5217).

Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).

The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.

Vulnerability Information ID	ricoh-2023-000003
Version	1.01E
CVE ID(CWE ID)	CVE-2023-4863 ( CWE-787 ) CVE-2023-5217 ( CWE-787 )
CVSSv3 score	8.8 HIGH

List1: Status and investigation results of this vulnerability's impact on Ricoh's major Products and Services

Product/service type	Category	Subcategory	Status
Office Products	Multifunction Printers/Copiers	Black & White MFP	Partially affected. Please refer to List 2 below for affected products/services.
		Color MFP	Partially affected. Please refer to List 2 below for affected products/services.
		Wide Format MFP	Partially affected. Please refer to List 2 below for affected products/services.
	Printers	Black & White Laser Printers	Not affected
		Color Laser Printers	Not affected
		Gel Jet Printers	Not affected
	FAX		Not affected
	Digital Duplicators		Not affected
	Projectors		Not affected
	Video Conferencing		Not affected
	Interactive Whiteboards		Partially affected. Please refer to List 2 below for affected products/services.
Remote Communication Gates	Remote Communication Gate A2		Not affected
	Remote Communication Gate A		Not affected
	Remote Communication Gate Type N/L/BN1/BM1		Not affected
Software & Solutions	Card Authentication Package Series		Not affected
	Device Manager NX Accounting		Not affected
	Device Manager NX Lite		Not affected
	Docuware		Not affected
	GlobalScan NX		Not affected
	Enhanced Locked Print Series		Not affected
	Printer Driver Packager NX		Not affected
	@Remote Connector NX		Not affected
	Ricoh Smart Integration (RSI) Platform and its applications		Not affected
	RICOH Print Management Cloud		Not affected
	RICOH Streamline NX V2		Not affected
	RICOH Streamline NX V3		Not affected
Commercial & Industrial Printing	Cut sheet Printers		Under investigation
	Wide Format Printers		Not affected
	Continuous Feed		Not affected
	Garment Printer		Not affected
	Digital Painting		Not affected
	Commercial & Industrial Printing Software		Not affected

List2: Ricoh products and services affected by this vulnerability

Product/service	Link to details
IM 7000/8000/9000	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2023-000003
M C530F/C530FB	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2023-000003
IM C2010/C2510	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000158-2023-000003
M C2001	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2023-000003
IP CW2200	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000162-2023-000003
IM 2702	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2023-000003
IM 2500/3000/3500/4000/5000/6000	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2023-000003
IM 370/370F/460F/460FTL	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2023-000003
IM C3010/C3510	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2023-000003
IM C4510/C5510/C6010	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2023-000003
RICOH Interactive Whiteboard Controller Type 2 / Controller Type 3	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000080-2023-000003
Ricoh Interactive Whiteboard Controller OP-10/OP-5/OP-5 Type2	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000079-2023-000003

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-01-22T13:00:00+09:00 : 1.04E Updated List2
2024-01-15T13:00:00+09:00 : 1.03E Updated List1/List2
2024-01-09T13:00:00+09:00 : 1.02E Added List1/List2
2023-10-16T18:00:00+09:00 : 1.01E Added one vulnerability
2023-09-29T20:00:00+09:00 : 1.00E Initial public release

News

Keep up to date

News