CVE-2019-13171

Name: CVE-2019-13171
Creator: NVD / NIST
Published: 2020-03-13T19:15:15.277+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 2.81%

Last modified Jun 17, 2026

CVE-2019-13171 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.. EPSS estimates a 2.81% chance of exploitation in the next 30 days.

Description

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.81%

84.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Xerox	Phaser 3320 Firmware	v53.006.16.000

References

https://security.business.xerox.com/Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/Third Party Advisory
https://security.business.xerox.com/Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/Third Party Advisory

Timeline

Published: Mar 13, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-13171?

How severe is CVE-2019-13171?

CVE-2019-13171 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.81% probability of exploitation in the next 30 days.

How do I fix CVE-2019-13171?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-13171?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST