CVE-2023-46047

Published: Mar 27, 2024Modified: Nov 4, 2025

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.

Affected (1)

Products: Sane Project: Sane Backends

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sane Project Sane Backends	Version 1.2.1

Running on/with	Platform Versions
Sane Project Sane Backends	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (5)

http://seclists.org/fulldisclosure/2024/Jan/64

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://gitlab.com/sane-project/backends/-/issues/708

Source: cve@mitre.org

ExploitIssue Tracking

http://packetstormsecurity.com/files/176818/sane-1.2.1-Null-Pointer.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Jan/64

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://gitlab.com/sane-project/backends/-/issues/708

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.