Vulnerabilities in the PostScript interpreter (CVE-2023-50734, CVE-2023-50735, CVE-2023-50736) and an input validation vulnerability in the SE Menu (CVE-2023-50737) affecting Ricoh products

05 Feb 2024

First published: 03:00 pm on February 05, 2024 (2024-02-05T13:00:00+09:00)
Ricoh Company, Ltd.

Ricoh has identified vulnerabilities in the PostScript interpreter (CVE-2023-50734, CVE-2023-50735, CVE-2023-50736) and an input validation vulnerability in the SE Menu (CVE-2023-50737) affecting Ricoh printers.

List 1 below shows the affected printers. The measures Ricoh offers are detailed on the pages linked in the list.

CVE-2023-50734: Buffer overflow vulnerability in the PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50735: Heap corruption vulnerability in the PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50736: Memory corruption vulnerability in the PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50737: Vulnerability in one of the SE Menu routines that can be leveraged by an attacker to execute arbitrary code.

Vulnerability Information ID: ricoh-2024-000001
Version: 1.00E
CVE ID (CWE ID): CVE-2023-50734 (CWE-121), CVE-2023-50735 (CWE-465), CVE-2023-50736 (CWE-131), CVE-2023-50737 (CWE-20)
CVSSv3 score: 9.1 CRITICAL

List 1: Ricoh products and services affected by this vulnerability

Product/service  Link to details
M C240FW  Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000001
P C200W  Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000001

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-02-05T13:00:00+09:00 : 1.00E Initial public release