Several Lexmark network printers that contain a built-in web server have been reported to contain a buffer overflow vulnerability. The vulnerability is reported to exist in the printers' HTTP header parsing code. It can be exploited to crash the printer's web server, denying service to legitimate users. Execution of arbitrary code on the printer may also be possible. Model T522 was reported to be affected by this vulnerability. Due to code sharing across products, other printer models are likely affected as well. It is reported that some Dell-branded printers also use the same firmware, implying that other vendors' products may also be vulnerable. This BID will be updated with further vendor, model, and version information as new information is disclosed. It is conjectured that this BID is related to BID 1290. Lexmark printers may use a vulnerable version of the Allegro RomPager embedded web server.