CVE-2024-9419

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.1 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_11505949-11505972-16	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*

History

26 Jan 2026, 18:00

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/ish_11505949-11505972-16 -~~	() https://support.hp.com/us-en/document/ish_11505949-11505972-16 - Vendor Advisory
CPE		cpe:2.3:a:hp:smart_universal_printing_driver::::::::
First Time		Hp smart Universal Printing Driver Hp

01 Nov 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Los equipos cliente/servidor con el controlador de impresión universal inteligente de HP instalado son potencialmente vulnerables a la ejecución remota de código y/o la elevación de privilegios. Un cliente que utilice el controlador de impresión universal inteligente de HP que envíe un trabajo de impresión compuesto por un archivo XPS malicioso podría provocar la ejecución remota de código y/o la elevación de privilegios en el equipo.

30 Oct 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-30 18:15

Updated : 2026-01-26 18:00

NVD link : CVE-2024-9419

Mitre link : CVE-2024-9419

CVE.ORG link : CVE-2024-9419

JSON object : View

Products Affected

hp

smart_universal_printing_driver

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-9419", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-30T18:15:08.260", "references": [{"url": "https://support.hp.com/us-en/document/ish_11505949-11505972-16", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC."}, {"lang": "es", "value": "Los equipos cliente/servidor con el controlador de impresi\u00f3n universal inteligente de HP instalado son potencialmente vulnerables a la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios. Un cliente que utilice el controlador de impresi\u00f3n universal inteligente de HP que env\u00ede un trabajo de impresi\u00f3n compuesto por un archivo XPS malicioso podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo y/o la elevaci\u00f3n de privilegios en el equipo."}], "lastModified": "2026-01-26T18:00:18.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:smart_universal_printing_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67B0E9E3-F3CD-44CF-B115-A61FBE24D5B7", "versionEndExcluding": "4.07.1.3204"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}