HP has identified and patched two critical security vulnerabilities that impact multiple HP Inkjet printers.
An attacker could send a maliciously crafted file to an affected device, which could allow a stack or static buffer overflow condition and ultimately remote code execution.
The vulnerabilities, CVE-2018-5924 and CVE-2018-5925, are each rated critical and sport a CVSS score of 9.8 (10 being the highest).
The list of affected HP products from the security bulletin is quite long and includes OfficeJet, DeskJet, Pagewide Pro, DesignJet and Envy product lines.
Directions for upgrading the firmware of your HP printer is located here.