This page lists publicly disclosed CVE vulnerabilities affecting sane-project sane_backends (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-46052 | Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. | [email protected] | 7.1 | 0.08% | 2024-03-27 | 2025-11-04 |
| CVE-2023-46047 | An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | [email protected] | 7.3 | 0.04% | 2024-03-27 | 2025-11-04 |
| CVE-2020-12866 | A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. | [email protected] | 5.7 | 0.21% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12865 | A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | [email protected] | 8.0 | 0.29% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12864 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. | [email protected] | 4.3 | 0.10% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12863 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | [email protected] | 4.3 | 0.11% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12862 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | [email protected] | 4.3 | 0.11% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12861 | A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | [email protected] | 8.8 | 0.59% | 2020-06-24 | 2024-11-21 |
| CVE-2020-12867 | A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. | [email protected] | 5.5 | 0.11% | 2020-06-01 | 2024-11-21 |