Lucene search
+L
Sane-projectSane Backends

9 matches found

CVE
CVE
added 2020/06/01 1:50 p.m.278 views

CVE-2020-12867

CVE-2020-12867 involves a NULL pointer dereference in sanei_epson_net_read within SANE backends prior to 1.0.30. A malicious device on the same local network could trigger a denial of service. The connected Debian/AlmaLinux advisories and Fedora/Alpine notes indicate the issue affects sane-backen...

5.5CVSS5.4AI score0.00497EPSS
CVE
CVE
added 2020/06/24 12:0 a.m.210 views

CVE-2020-12861

CVE-2020-12861 involves a heap buffer overflow in sane-backends before 1.0.30, via epsonds_net_read in epsonds-net.c; CVE-2020-12865 is a heap overflow in esci2_img. Connected advisories confirm these issues in sane-backends and indicate fixes in later releases (up to at least 1.0.31). Affected p...

8.8CVSS8.7AI score0.03044EPSS
CVE
CVE
added 2020/06/24 12:52 p.m.209 views

CVE-2020-12865

SANE Backends CVE-2020-12865 describes a heap buffer overflow in SANE Backends before 1.0.30 that lets a malicious device on the same local network execute arbitrary code. Affected component: sane-backends (likely epsonds/esci2_img related paths) with exploitation possible without user interactio...

8CVSS8.3AI score0.01457EPSS
CVE
CVE
added 2020/06/24 12:52 p.m.201 views

CVE-2020-12863

The CVE-2020-12863 issue is an out-of-bounds read in SANE Backends prior to 1.0.30, enabling a local-network attacker connected to the same host to read sensitive data (e.g., ASLR offsets). Multiple connected advisories confirm the same root cause and note fixes in subsequent sane-backends releas...

4.3CVSS5.7AI score0.01006EPSS
CVE
CVE
added 2020/06/24 12:52 p.m.196 views

CVE-2020-12862

CVE-2020-12862 affects the SANE backends project prior to version 1.0.30. The issue is an out-of-bounds read in the SANE backends that may allow a malicious device on the same local network to read memory content, including ASLR offsets, exposing partial confidentiality information. Exploitation ...

4.3CVSS5.7AI score0.01077EPSS
CVE
CVE
added 2020/06/24 12:52 p.m.193 views

CVE-2020-12866

CVE-2020-12866: A NULL pointer dereference in SANE Backends before 1.0.30 can allow a malicious device on the same local network to cause a denial of service. Documented impact is a DoS; root cause is NULL pointer dereference in SANE Backends prior to 1.0.30. Remediation: upgrade to 1.0.30 or lat...

5.7CVSS6.4AI score0.01041EPSS
CVE
CVE
added 2020/06/24 12:52 p.m.189 views

CVE-2020-12864

CVE-2020-12864 affects SANE Backends prior to 1.0.30. The vulnerability is an out-of-bounds read that may allow a malicious device on the same local network to read sensitive information (e.g., ASLR offsets). Public docs converge on 1.0.30 as the fixed point, with later advisories (e.g., 1.0.31) ...

4.3CVSS5.7AI score0.01204EPSS
CVE
CVE
added 2024/03/27 12:0 a.m.59 views

CVE-2023-46047

CVE-2023-46047 : Affects Sane 1.2.1. Local attacker can trigger arbitrary code execution via a crafted file fed to the sanei_configure_attach() function. The vulnerability is disputed due to the expectation that the product should not start with an attacker-controlled configuration file. Connecte...

7.3CVSS7.4AI score0.00372EPSS
CVE
CVE
added 2024/03/27 12:0 a.m.54 views

CVE-2023-46052

Sane 1.2.1 is affected by a CVE-2023-46052 heap bounds overwrite in init_options() via a long init_mode string in a configuration file. The root cause is in backend/test.c. The description is disputed: there is no expectation that test.c runs with an attacker-controlled configuration file. Public...

7.1CVSS6.9AI score0.00364EPSS