CVE-2019-16240

Name: CVE-2019-16240
Creator: NVD / NIST
Published: 2021-11-09T15:15:08.49+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 1.31%

Last modified Jun 17, 2026

CVE-2019-16240 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.. EPSS estimates a 1.31% chance of exploitation in the next 30 days.

Description

A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Probability

1.31%

67.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Hp	Pagewide Pro 577z K9z76a Firmware	< 001.1937d
Hp	Pagewide Pro 577z K9z76b Firmware	< 001.1937d
Hp	Pagewide Pro 577z K9z76d Firmware	< 001.1937d
Hp	Pagewide Pro 577dw D3q21a Firmware	< 001.1937d
Hp	Pagewide Pro 577dw D3q21b Firmware	< 001.1937d
Hp	Pagewide Pro 577dw D3q21c Firmware	< 001.1937d
Hp	Pagewide Pro 577dw D3q21d Firmware	< 001.1937d
Hp	Pagewide Pro 552dw 2dr21d Firmware	< 001.1937d
Hp	Pagewide Pro 552dw D3q17a Firmware	< 001.1937d
Hp	Pagewide Pro 552dw D3q17d Firmware	< 001.1937d
Hp	Pagewide Pro 552dw K9z74a Firmware	< 001.1937d
Hp	Pagewide Pro 552dw K9z74d Firmware	< 001.1937d
Hp	Pagewide Pro 477dw D3q20a Firmware	< 001.1937d
Hp	Pagewide Pro 477dw D3q20b Firmware	< 001.1937d
Hp	Pagewide Pro 477dw D3q20c Firmware	< 001.1937d
Hp	Pagewide Pro 477dw D3q20d Firmware	< 001.1937d
Hp	Pagewide Pro 477dw W2z53b Firmware	< 001.1937d
Hp	Pagewide Pro 477dn D3q19d Firmware	< 001.1937d
Hp	Pagewide Pro 477dn D3q19b Firmware	< 001.1937d
Hp	Pagewide Pro 477dn D3q19a Firmware	< 001.1937d
Hp	Pagewide Pro 452dw W2z52b Firmware	< 001.1937d
Hp	Pagewide Pro 452dw D3q16d Firmware	< 001.1937d
Hp	Pagewide Pro 452dw D3q16a Firmware	< 001.1937d
Hp	Pagewide Pro 452dn D3q15d Firmware	< 001.1937d
Hp	Pagewide Pro 452dn D3q15b Firmware	< 001.1937d
Hp	Pagewide Pro 452dn D3q15a Firmware	< 001.1937d
Hp	Pagewide Managed P52750dw J9v78b Firmware	< 001.1937d
Hp	Pagewide Managed P52750dw J9v82d Firmware	< 001.1937d
Hp	Pagewide Managed P52750dw J9v82a Firmware	< 001.1937d
Hp	Pagewide Managed P57750dw J9v78b Firmware	< 001.1937d
Hp	Pagewide Managed P57750dw J9v82d Firmware	< 001.1937d
Hp	Pagewide Managed P57750dw J9v82a Firmware	< 001.1937d
Hp	Pagewide Managed P55250dw J6u51b Firmware	< 001.1937d
Hp	Pagewide Managed P55250dw J6u55d Firmware	< 001.1937d
Hp	Pagewide Managed P55250dw J6u55a Firmware	< 001.1937d
Hp	Pagewide 377dw J9v80b Firmware	< 001.1937d
Hp	Pagewide 377dw J9v80a Firmware	< 001.1937d
Hp	Pagewide 352dw J6u57b Firmware	< 001.1937d
Hp	Pagewide 352dw J6u57a Firmware	< 001.1937d
Hp	Officejet Pro 8210 D9l63a Firmware	< 001.1937c
Hp	Officejet Pro 8210 D9l64a Firmware	< 001.1937c
Hp	Officejet Pro 8210 J3p65a Firmware	< 001.1937c
Hp	Officejet Pro 8210 J3p68a Firmware	< 001.1937c
Hp	Officejet Pro 8210 T0g70a Firmware	< 001.1937c

References

https://support.hp.com/us-en/document/c06458150Vendor Advisory
https://support.hp.com/us-en/document/c06458150Vendor Advisory

Timeline

Published: Nov 9, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-16240?

How severe is CVE-2019-16240?

CVE-2019-16240 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 1.31% probability of exploitation in the next 30 days.

How do I fix CVE-2019-16240?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-16240?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST