Sane Project

sane-project

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46052 1Sane Project 1Sane Backends Nov 4, 2025 Mar 27, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with...Show more Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.Show less
CVE-2023-46047 1Sane Project 1Sane Backends Nov 4, 2025 Mar 27, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be star...Show more An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.Show less
CVE-2020-12866 3Canonical OpensuseSane Project 3Leap Sane BackendsUbuntu Linux Nov 21, 2024 Jun 24, 2020 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
CVE-2020-12865 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 8.0 HIGH· v3 5.2 MEDIUM· v2 A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
CVE-2020-12864 3Canonical OpensuseSane Project 3Leap Sane BackendsUbuntu Linux Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.Show less
CVE-2020-12863 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.Show less
CVE-2020-12862 4Canonical DebianOpensuse+1 more 4Debian Linux LeapSane Backends+1 more Nov 21, 2024 Jun 24, 2020 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-08...Show more An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.Show less
CVE-2020-12861 3Canonical OpensuseSane Project 3Leap Sane BackendsUbuntu Linux Nov 21, 2024 Jun 24, 2020 N/A· v4 8.8 HIGH· v3 7.9 HIGH· v2 A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
CVE-2020-12867 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Jun 1, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.