sane-project/backends

sane-project/backends

Releases87

Frequency3 months 2 weeks

Last Release about 1 year ago

Stars80

Scanner Access Now Easy ― Backends

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46052 ↗	Mar 27, 2024Wednesday, 27 March 2024, 06:15	7.1 HIGH	—
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
CVE-2023-46047 ↗	Mar 27, 2024Wednesday, 27 March 2024, 05:15	7.3 HIGH	—
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
CVE-2020-12867 ↗	Jun 1, 2020Monday, 1 June 2020, 14:15	5.5 MEDIUM	2.1 LOW
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.