Sane-project Sane Backends — known CVE vulnerabilities
Every CVE whose affected-product data names Sane-project Sane Backends, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-12861 — CVSS 8.8 (high): A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to…
CVE-2020-12865 — CVSS 8.0 (high): A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to…
CVE-2023-46047 — CVSS 7.3 (high): An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE…
CVE-2023-46052 — CVSS 7.1 (high): Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is…
CVE-2020-12866 — CVSS 5.7 (medium): A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to…
CVE-2020-12867 — CVSS 5.5 (medium): A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local…
CVE-2020-12863 — CVSS 4.3 (medium): An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read…
CVE-2020-12862 — CVSS 4.3 (medium): An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read…
CVE-2020-12864 — CVSS 4.3 (medium): An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read…