The company published a notice of potential impact of a heap buffer overflow vulnerability in libwebp / libvpx towards its products and services.
Ricoh announced it is aware of the reported “Heap buffer overflow vulnerability in libwebp / libvpx”(CVE-2023-4863/5217).
Heap buffer overflow allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
These vulnerabilities are known to be triggered by the use of features for viewing/browsing images and videos. Therefore, Ricoh is asking users to “please make sure not to use RICOH products or services to view any untrusted sources (URLs or files).”
The impact on Ricoh products and services are currently under investigation. Updates on impacted products and services and related countermeasures will be provided promptly on this page as they become available.
The company added: “Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.”
