CVE-2024-11347

Summary

Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Affected Software

VendorProductVersion RangeStatus
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTLS.240.076affected
Lexmark InternationalCX, XC, CS, et. al.CXTLS.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTLS.240.076affected
Lexmark InternationalCX, XC, CS, et. al.MXTLS.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTLS.240.076affected
Lexmark InternationalCX, XC, CS, et. al.CSTLS.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSNSN.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSNSN.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSTSN.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSTSN.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTSN.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXTSN.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSNGV.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSNGV.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTGV.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSTGV.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTGV.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CXTGV.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTPC.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CXTPC.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTPC.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSTPC.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTCT.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXTCT.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTPM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXTPM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTMM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CXTMM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTMM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSTMM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTZJ.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSTZJ.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSNZJ.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CSNZJ.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTZJ.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CXTZJ.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXNZJ.240.042affected
Lexmark InternationalCX, XC, CS, et. al.CXNZJ.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSNGM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSNGM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSTGM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSTGM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXNGM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXNGM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTGM.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXTGM.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSNGW.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSNGW.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSTGW.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MSTGW.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXTGW.240.042affected
Lexmark InternationalCX, XC, CS, et. al.MXTGW.240.200 < *affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSLSG.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXLSG.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MSLBD.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= MXLBD.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSLBN.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSLBL.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXLBN.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXLBL.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTPP.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTPP.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTAT.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTAT.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CSTMH.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= CXTMH.230.401affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.TL2.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.PR2.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.PR4.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.SB4.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.SB7.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.DN2.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.DN4.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.DN7.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.TU.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.SA.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.MG.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.GM7.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.GM4.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW90.VY4.P215affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW80.PRL.P257affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW80.SB2.P257affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW80.VYL.P257affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW80.VY2.P257affected
Lexmark InternationalCX, XC, CS, et. al.0 <= LW80.GM2.P257affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

Workarounds

Lexmark recommends a firmware update if your device has affected firmware.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References