CVE-2020-12865

Published: 24 June 2020

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

Priority

CVSS 3 base score: 8.0

Status

Package	Release	Status
sane-backends Launchpad, Ubuntu, Debian	bionic	Released (1.0.27-1~experimental3ubuntu2.3)
	eoan	Ignored (reached end-of-life)
	focal	Released (1.0.29-0ubuntu5.1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (1.0.30)
	xenial	Released (1.0.25+git20150528-1ubuntu2.16.04.3)
	Patches: upstream: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
https://gitlab.com/sane-project/backends/-/releases/1.0.30
https://ubuntu.com/security/notices/USN-4470-1
NVD
Launchpad
Debian

Bugs

https://gitlab.com/sane-project/backends/-/issues/279
https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›