wid-sec-w-2026-0915 · Published 2026-03-30 · View on BSI CERT-Bund ↗

Kyocera Printer: Multiple Vulnerabilities allow nicht spezifizierten Angriff

CVSS 9.8 CRITICAL

Risk Summary

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

CVEs (15)

CVE-2013-0248 CVE-2014-0050 CVE-2015-8126 CVE-2015-8472 CVE-2016-1000031 CVE-2016-3092 CVE-2016-3751 CVE-2016-9842 CVE-2017-12652 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2023-24998 CVE-2023-29469 CVE-2024-20952

Affected Vendors

Kyocera

Affected Products (2)

Kyocera · Printer TASKalfa

Kyocera · Printer ECOSYS

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more