sane-backends: Heap buffer overflow in esci2_img

A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Important: Red Hat Security Advisory: sane-backends security update

An update for sane-backends is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

RHEL 8 : sane-backends (RHSA-2020:2967)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2967 advisory. Scanner Access Now Easy SANE is a universal scanner interface. The SANE application programming interface API provides standardized access t...

Oracle Linux 8 : sane-backends (ELSA-2020-2902)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2902 advisory. 1.0.27-19.1 - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2img - 1852668, 1852667, 1852666, 1852665 - disable autodiscovery for...

sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c

A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsondsnetread function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

sane-backends: Heap buffer overflow in esci2_img

A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

sane-backends security update

1.0.27-19.1 - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2img - 1852668, 1852667, 1852666, 1852665 - disable autodiscovery for epsonds backend...

Fedora: Security Advisory for mingw-sane-backends (FEDORA-2020-b845771719)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : mingw-sane-backends (2020-b845771719)

https://gitlab.com/sane-project/backends/-/releases Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

The vulnerability of the epsonds component in the sane-backends package allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the epsonds component in the sane-backends package relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause service interruptions...

CVE-2020-12865

A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation This flaw can be...

CVE-2020-12863

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Mitigation This flaw can be mitigated by limiting network scanner discover...

CVE-2020-12862

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Mitigation This flaw can be mitigated by limiting network scanner discover...

CVE-2020-12866

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Mitigation This flaw can be mitigated by limiting network scanner discovery to a trusted subnet via the "net"...

CVE-2020-12861

A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in epsondsnetread function could lead to a remote denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation This flaw can b...

CVE-2020-12864

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Mitigation This flaw can be mitigated by limiting network scanner discover...

CVE-2020-12864

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081...

CVE-2020-12862

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082...

CVE-2020-12863

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083...

CVE-2020-12864

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081...