Notice on potential impact of a heap buffer overflow vulnerability in libvpx towards IP CW2200

: First published: 04:00 am on January 15, 2024 (2024-01-15T13:00:00+09:00); Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Heap buffer overflow vulnerability in libvpx" (CVE-2023-5217) affects IP CW2200.

Ricoh offers measures detailed below.

Advisory ID

ricoh-prod000162-2023-000003
Version

1.00E
CVE ID (CWE ID)

CVE-2023-5217 ( CWE-787 )
CVSSv3 base score

8.8HIGH

Potential impact

Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Affected components and versions

Products or Services	Components	Versions
IP CW2200	Firmware	CheetahSystem　1.03 or earlier

How to view the firmware version:
1. Access Web Image Monitor from your browser.
https://"IP address or hostname of the device"
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Device Settings > Firmware Update

Resolution

Update firmware.
To obtain the updated firmware, please contact your local Ricoh representative.

Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :
2024-01-15T13:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000162-2023-000003 Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.