Wednesday, 09 July 2025

Multiple HP printer models vulnerable to remote code execution

HP has published security advisories for four vulnerabilities affecting its LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942 (CVSS score: 8.4), the security issue was reported by Trend Micro’s Zero Day Initiative team.

HP has released security updates for most of the affected products. For the models without a patch, the company provides mitigation instructions that revolve mainly around disabling LLMNR (Link-Local Multicast Name Resolution) in network settings.

A second security bulletin from HP warns about three critical vulnerabilities that could be exploited for information disclosure, remote code execution, and denial of service.

The three vulnerabilities are tracked as CVE-2022-24291 (CVSS score: 7.5), CVE-2022-24292 (CVSS score: 9.8), and CVE-2022-24293 (CVSS score: 9.8). Credit for reporting them also goes to the Zero Day Initiative team.

In this case too, the official recommendation is to update your printer firmware to the designated versions.

Source: bleepingcomputer.com

23 March 2022
