CVE-2024-9419

CVE-2024-9419 is a high-severity vulnerability in Hp Smart Universal Printing Driver with a CVSS 3.x base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-787.

Key facts

Description

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.

Frequently asked questions

What is CVE-2024-9419?
Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.
How severe is CVE-2024-9419?
CVE-2024-9419 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2024-9419 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (48th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2024-9419?
CVE-2024-9419 affects Hp Smart Universal Printing Driver. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2024-9419?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2024-9419 have an EU (EUVD) identifier?
Yes. CVE-2024-9419 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-49928.
When was CVE-2024-9419 published?
CVE-2024-9419 was published on 2024-10-30 and last updated on 2026-06-17.

References

Affected products (1)

Other CWE-787 (Out-of-bounds Write) vulnerabilities

Browse all CWE-787 (Out-of-bounds Write) vulnerabilities →