Notice of potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards Ricoh products and services
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Heap buffer overflow vulnerability in libwebp / libvpx"(CVE-2023-4863/5217).
Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).
The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.
List1:Status and investigation results of this vulnerability's impact on Ricoh's major Products and Services
| Product/service type | Category | Subcategory | Status |
|---|---|---|---|
| Office Products | Multifunction Printers/Copiers | Black & White MFP | Partially affected. Please refer to List 2 below for affected products/services. |
| Color MFP | Partially affected. Please refer to List 2 below for affected products/services. | ||
| Wide Format MFP | Under investigation | ||
| Printers | Black & White Laser Printers | Not affected | |
| Color Laser Printers | Not affected | ||
| Gel Jet Printers | Not affected | ||
| FAX | Not affected | ||
| Digital Duplicators | Not affected | ||
| Projectors | Not affected | ||
| Video Conferencing | Not affected | ||
| Interactive Whiteboards | Partially affected. Please refer to List 2 below for affected products/services. | ||
| Remote Communication Gates | Remote Communication Gate A2 | Not affected | |
| Remote Communication Gate A | Not affected | ||
| Remote Communication Gate Type N/L/BN1/BM1 | Not affected | ||
| Software & Solutions | Card Authentication Package Series | Not affected | |
| Device Manager NX Accounting | Not affected | ||
| Device Manager NX Lite | Not affected | ||
| Docuware | Not affected | ||
| GlobalScan NX | Not affected | ||
| Enhanced Locked Print Series | Not affected | ||
| Printer Driver Packager NX | Not affected | ||
| @Remote Connector NX | Not affected | ||
| Ricoh Smart Integration (RSI) Platform and its applications | Not affected | ||
| RICOH Print Management Cloud | Not affected | ||
| RICOH Streamline NX V2 | Not affected | ||
| RICOH Streamline NX V3 | Not affected | ||
| Commercial & Industrial Printing | Cut sheet Printers | Under investigation | |
| Wide Format Printers | Not affected | ||
| Continuous Feed | Not affected | ||
| Garment Printer | Not affected | ||
| Digital Painting | Not affected | ||
| Commercial & Industrial Printing Software | Not affected | ||
List2:Ricoh products and services affected by this vulnerability
| Product/service | Link to details |
|---|---|
| IM 2702 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2023-000003 |
| IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2023-000003 |
| IM 370/370F/460F/460FTL | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2023-000003 |
| IM C3010/C3510 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2023-000003 |
| IM C4510/C5510/C6010 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2023-000003 |
| RICOH Interactive Whiteboard Controller Type 2 / Controller Type 3 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000080-2023-000003 |
| Ricoh Interactive Whiteboard Controller OP-10/OP-5/OP-5 Type2 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000079-2023-000003 |
|Om Ricoh|
Hos Ricoh styrker vi digitale arbejdspladser gennem innovative teknologier og tjenester, der gør det muligt for mennesker at arbejde smartere, uanset hvor de er.
Ricoh er en førende leverandør af digitale tjenester, workflow- og dokumenthåndteringsløsninger samt kommercielle og industrielle printløsninger, der er designet til at understøtte digital transformation og optimere virksomhedens resultater.
Med hovedkvarter i Tokyo når Ricoh Group ud til kunder i ca. 200 lande og regioner, understøttet af viden, teknologier og organisatoriske evner og erfaringer, der er blevet næret gennem virksomhedens 85-årige historie.
I regnskabsåret, der sluttede marts 2023, havde Ricoh Group en global omsætning på 2.134 milliarder yen (ca. 16 mia. USD). Det er Ricohs mission og vision at forstå og transformere måden, som mennesker arbejder på, så vi kan frigøre deres potentiale og kreativitet – og sammen realisere en bæredygtig fremtid.
Ricoh Danmark A/S har hovedkontor i Vallensbæk Strand og filialer i Aarhus og Kolding. Ricoh Danmark har desuden eget landsdækkende servicenetværk, samt en række specialiserede partnere over hele landet.
Læs mere på www.ricoh.dk
Kontaktoplysninger:
Ricoh Danmark A/S
Delta Park 37
2665 Vallensbæk Strand
Tlf.: 70 10 67 68
www.ricoh.dk
Søren Steendahl,
Country Manager
Tlf.: 29 29 61 91
E-mail: soren.steendahl@ricoh.dkFind os på Facebook: www.facebook.com/ricohdanmark
Find os på Twitter: www.twitter.com/ricoheurope
Find os på LinkedIn: www.linkedin.com/company/ricoh-danmark-a-s
Find os på Youtube: www.youtube.com/ricoheurope
Besøg Ricohs mediecenter på: www.ricoh.dk/nyheder-og-events/presserum