MidnightBSD

Advisories for sane-project

CVE-2020-12861 HIGH

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12862 LOW

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12863 LOW

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12864 LOW

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12865 MEDIUM

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12866 LOW

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
CVE-2020-12867 LOW

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
opensuse leap 15.2
canonical ubuntu_linux 16.04
sane-project sane_backends *
fedoraproject fedora 32
CVE-2023-46047

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.

Products Affected

Vendor Product Version
sane-project sane_backends 1.2.1
CVE-2023-46052

Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.

Products Affected

Vendor Product Version
sane-project sane_backends 1.2.1