CVE-2020-12865 — Out-of-bounds Write in Sane Backends

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound11 documents8 sources

Severity

8.0HIGHNVD

OSV7.5

EPSS

0.3%

top 47.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sane-project Sane Backends Sane-backends Project Sane-backends Canonical Ubuntu Linux +2 more

Timeline

PublishedJun 24

Latest updateMay 24

Description

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

▶NVDsane-project/sane_backends< 1.0.30

▶Ubuntusane-backends_project/sane-backends< 1.0.25+git20150528-1ubuntu2.16.04.3+2

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

GHSA

GHSA-xw72-4xqx-6qww: A heap buffer overflow in SANE Backends before 1↗2022-05-24

▶

OSV

sane-backends vulnerabilities↗2020-08-24

▶

CVEList

CVE-2020-12865: A heap buffer overflow in SANE Backends before 1↗2020-06-24

▶

OSV

CVE-2020-12865: A heap buffer overflow in SANE Backends before 1↗2020-06-24

▶

📋Vendor Advisories

Ubuntu

sane-backends vulnerabilities↗2020-08-24

▶

Red Hat

sane-backends: Heap buffer overflow in esci2_img↗2020-05-17

▶

Debian

CVE-2020-12865: sane-backends - A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious devi...↗2020

▶

💬Community

Bugzilla

CVE-2020-12865 mingw-sane-backends: sane-backends: Heap buffer overflow in esci2_img [fedora-all]↗2020-06-24

▶

Bugzilla

CVE-2020-12865 sane-backends: Heap buffer overflow in esci2_img [fedora-all]↗2020-06-24

▶

Bugzilla

CVE-2020-12865 sane-backends: Heap buffer overflow in esci2_img↗2020-06-24

▶