Debian: DLA-2332-1 Moderate: SANE Backends Info Disclosure and DoS

Debian LTS, August 17, 2020
Update sane-backends in light of several security vulnerabilities that present denial of service and possible remote code execution risks. A fixed package is available for Debian systems.
Kevin Backhouse discovered multiple vulnerabilities in the epson2 and epsonds backends of SANE, a library for scanners.

Summary

CVE-2020-12862

An out-of-bounds read in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to read important information, such as the ASLR offsets of the
program, aka GHSL-2020-082.

CVE-2020-12863

An out-of-bounds read in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to read important information, such as the ASLR offsets of the
program, aka GHSL-2020-083.

CVE-2020-12865

A heap buffer overflow in SANE Backends before 1.0.30 may allow a
malicious device connected to the same local network as the victim
to execute arbitrary code, aka GHSL-2020-084.

CVE-2020-12867

A NULL pointer dereference in sanei_epson_net_read in SANE
Backends before 1.0.30 allows a malicious device connected to the
same local network as the victim to cause a denial of service, aka
GHSL-2020-075.

For Debian 9 stretch, these problems have been fixed in version 1.0.25-4.1+deb9u1.

Package: sane-backends
Version: 1.0.25-4.1+deb9u1
CVE ID: CVE-2020-12862 CVE-2020-12863 CVE-2020-12865 CVE-2020-12867
Debian Bug: 961302
