Notice on potential impact of a heap buffer overflow vulnerability in libwebp (WebP) towards Ricoh products and services

22 Jan 2024

Last updated: 03:00 pm on January 22, 2024 (2024-01-22T13:00:00+09:00)
First published: 09:00 pm on September 29, 2023 (2023-09-29T20:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx"(CVE-2023-4863/5217).

Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).

The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.

 Vulnerability Information ID ricoh-2023-000003
 Version 1.01E
 CVE ID(CWE ID) CVE-2023-4863 ( CWE-787CVE-2023-5217 ( CWE-787 )
 CVSSv3 score 8.8  HIGH 

List1: Status and investigation results of this vulnerability's impact on Ricoh's major Products and Services

Product/service typeCategorySubcategoryStatus
Office ProductsMultifunction Printers/CopiersBlack & White MFPPartially affected. Please refer to List 2 below for affected products/services.
Color MFPPartially affected. Please refer to List 2 below for affected products/services.
Wide Format MFPPartially affected. Please refer to List 2 below for affected products/services.
PrintersBlack & White Laser PrintersNot affected
Color Laser PrintersNot affected
Gel Jet PrintersNot affected
FAXNot affected
Digital DuplicatorsNot affected
ProjectorsNot affected
Video ConferencingNot affected
Interactive WhiteboardsPartially affected. Please refer to List 2 below for affected products/services.
Remote Communication GatesRemote Communication Gate A2Not affected
Remote Communication Gate ANot affected
Remote Communication Gate Type N/L/BN1/BM1Not affected
Software & SolutionsCard Authentication Package SeriesNot affected
Device Manager NX AccountingNot affected
Device Manager NX LiteNot affected
DocuwareNot affected
GlobalScan NXNot affected
Enhanced Locked Print SeriesNot affected
Printer Driver Packager NXNot affected
@Remote Connector NXNot affected
Ricoh Smart Integration (RSI) Platform and its applicationsNot affected
RICOH Print Management CloudNot affected
RICOH Streamline NX V2Not affected
RICOH Streamline NX V3Not affected
Commercial & Industrial PrintingCut sheet PrintersUnder investigation
Wide Format PrintersNot affected
Continuous FeedNot affected
Garment PrinterNot affected
Digital PaintingNot affected
Commercial & Industrial Printing SoftwareNot affected

List2: Ricoh products and services affected by this vulnerability

Product/serviceLink to details
IM 7000/8000/9000

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2023-000003
M C530F/C530FB

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2023-000003
IM C2010/C2510

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000158-2023-000003
M C2001

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2023-000003
IP CW2200

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000162-2023-000003
IM 2702

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2023-000003
IM 2500/3000/3500/4000/5000/6000

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2023-000003
IM 370/370F/460F/460FTL

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2023-000003
IM C3010/C3510

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2023-000003
IM C4510/C5510/C6010

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2023-000003
RICOH Interactive Whiteboard Controller Type 2 / Controller Type 3

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000080-2023-000003
Ricoh Interactive Whiteboard Controller OP-10/OP-5/OP-5 Type2

Affected. For details, please refer to the following URL.

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000079-2023-000003

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-01-22T13:00:00+09:00 : 1.04E Updated List2
2024-01-15T13:00:00+09:00 : 1.03E Updated List1/List2
2024-01-09T13:00:00+09:00 : 1.02E Added List1/List2
2023-10-16T18:00:00+09:00 : 1.01E Added one vulnerability
2023-09-29T20:00:00+09:00 : 1.00E Initial public release