Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.
These applications are also affected by a denial-of-service vulnerability because they fail to adequately handle certain commands during the start of a connection.
Attackers can leverage these issues to execute arbitrary code in the context of the application or to terminate the application. Successful attacks will compromise the applications or deny access to legitimate users.
The following applications are affected:
Opium4 OPI Server 4.10.1028 and prior
cyanPrintIP Easy OPI 4.10.1030 and prior
cyanPrintIP Professional 4.10.1030 and prior
cyanPrintIP Workstation 4.10.836 and prior
cyanPrintIP Standard 4.10.940 and prior
cyanPrintIP Basic 4.10.1030 and prior