
IMPORTANT Notice on potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards Ricoh products and services

Last updated: 04:00 am on February 26, 2024 (2024-02-26T13:00:00+09:00)
First published: 11:00 am on September 29, 2023 (2023-09-29T20:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx" (CVE-2023-4863/5217).

The heap buffer overflow allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).

The impact on Ricoh products and services is currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.

List 1: Status and investigation results of this vulnerability's impact on Ricoh's major Products and Services

| Product/service type | Category | Subcategory | Status |
|---|---|---|---|
| Office Products | Multifunction Printers/Copiers | Black & White MFP | Partially affected. Please refer to List 2 below for affected products/services. |
| | | Color MFP | Partially affected. Please refer to List 2 below for affected products/services. |
| | | Wide Format MFP | Partially affected. Please refer to List 2 below for affected products/services. |
| | Printers | Black & White Laser Printers | Not affected |
| | | Color Laser Printers | Not affected |
| | | Gel Jet Printers | Not affected |
| | FAX | | Not affected |
| | Digital Duplicators | | Not affected |
| | Projectors | | Not affected |
| | Video Conferencing | | Not affected |
| | Interactive Whiteboards | | Partially affected. Please refer to List 2 below for affected products/services. |
| | Remote Communication Gates | Remote Communication Gate A2 | Not affected |
| | | Remote Communication Gate A | Not affected |
| | | Remote Communication Gate Type N/L/BN1/BM1 | Not affected |
| | Software & Solutions | Card Authentication Package Series | Not affected |
| | | Device Manager NX Accounting | Not affected |
| | | Device Manager NX Lite | Not affected |
| | | Docuware | Not affected |
| | | GlobalScan NX | Not affected |
| | | Enhanced Locked Print Series | Not affected |
| | | Printer Driver Packager NX | Not affected |
| | | @Remote Connector NX | Not affected |
| | | Ricoh Smart Integration (RSI) Platform and its applications | Not affected |
| | | RICOH Print Management Cloud | Not affected |
| | | RICOH Streamline NX V2 | Not affected |
| | | RICOH Streamline NX V3 | Not affected |
| Commercial & Industrial Printing | Cut sheet Printers | | Partially affected. Please refer to List 2 below for affected products/services. |
| | Wide Format Printers | | Not affected |
| | Continuous Feed | | Not affected |
| | Garment Printer | | Not affected |
| | Digital Painting | | Not affected |
| | Commercial & Industrial Printing Software | | Not affected |

List 2: Ricoh products and services affected by this vulnerability

| Product/service | Link to details |
|---|---|
| IM C7010 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000159-2023-000003 |
| IM 550F/600F/600SRF | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000013-2023-000003 |
| IM CW2200 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000060-2023-000003 |
| Pro C5300S/C5310S | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000019-2023-000003 |
| Pro C5300SL | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000161-2023-000003 |
| IM C6500/C8000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000001-2023-000003 |
| IM C3000/C3500 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000005-2023-000003 |
| IM C4500/C5500/C6000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000006-2023-000003 |
| IM C2000/C2500 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000007-2023-000003 |
| IM C400F/C400SRF/C300F/C300 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000008-2023-000003 |
| IM 7000/8000/9000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2023-000003 |
| M C530F/C530FB | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2023-000003 |
| IM C2010/C2510 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000158-2023-000003 |
| M C2001 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2023-000003 |
| IP CW2200 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000162-2023-000003 |
| IM 2702 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2023-000003 |
| IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2023-000003 |
| IM 370/370F/460F/460FTL | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2023-000003 |
| IM C3010/C3510 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2023-000003 |
| IM C4510/C5510/C6010 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2023-000003 |
| RICOH Interactive Whiteboard Controller Type 2 / Controller Type 3 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000080-2023-000003 |
| Ricoh Interactive Whiteboard Controller OP-10/OP-5/OP-5 Type2 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000079-2023-000003 |


Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:
2024-02-26T13:00:00+09:00 : 1.07E Updated List2
2024-02-13T13:00:00+09:00 : 1.06E Updated List1/List2
2024-01-29T13:00:00+09:00 : 1.05E Updated List2
2024-01-22T13:00:00+09:00 : 1.04E Updated List2
2024-01-15T13:00:00+09:00 : 1.03E Updated List1/List2
2024-01-09T13:00:00+09:00 : 1.02E Added List1/List2
2023-10-16T18:00:00+09:00 : 1.01E Added one vulnerability
2023-09-29T20:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000003
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.