cvedb.io
CVE-2025-63701
MEDIUM · CVSS 6.8
EPSS exploitation probability: 0%
Published 2025-11-14T20:15:47.717 · Last modified 2026-06-17T09:53:23.757

Summary

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability.

Affected products

advantech — tp_3250_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when advantech ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.