[German]There are vulnerabilities in older HP Universal Print printer drivers (PCL 6 and PostScript) for Windows. The background to this is that these printer drivers use the libjpeg, libpng, OpenSSL and zlib libraries and may have (older) vulnerabilities. HP has issued a security advisory and driver update on January 29, 2025.
Advertising
A blog reader contacted me and asked if I knew anything about a vulnerability in the "HP Universal Print Driver PCL6". He referred to a security report from HP from the end of January 2025 and said that he was still looking into the risks of using an older driver version and the problems that can occur when updating.
The HP security advisory
Printer manufacturer HP has published the security warning HP Universal Print Driver Series (PCL 6 and PostScript) – Potential Security Vulnerabilities on 29.01.2025. The Universal Print Driver can be used under Windows to control various HP printers. In the HP Universal Print Driver Series (PCL 6 and PostScript) potential vulnerabilities in various libraries have been identified.
- CVE-2017-12652 (CVSS 3-Score 9.8, Critical) in libpng, Arbitrary Code Execution
- CVE-2022-2068 (CVSS 3-Score 9.8, Critical) in OpenSSL, Arbitrary Code Execution
- CVE-2023-45853 (CVSS 3-Score 9.8, Critical) in zlib, Information Disclosure
- CVE-2020-14152 (CVSS 3-Score7.1, High) in libjpeg, Denial of Service
According to the CVE scores, these vulnerabilities are quite old and date back to 2017. All HP Universal Printing Driver Series drivers (PCL 6 and PostScript) prior to 7.3.0.25919 are affected. HP has released an updated HP Universal Printing Driver Series driver version 7.3.0.25919 to close the vulnerabilities.
Advertising
