CVE-2020-12865

Published: 24 June 2020

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

Priority

CVSS 3 base score: 8.0

Status

Package	Release	Status
sane-backends Launchpad, Ubuntu, Debian	Upstream	Released (1.0.30)



	Ubuntu 20.04 LTS (Focal Fossa)	Released (1.0.29-0ubuntu5.1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (1.0.27-1~experimental3ubuntu2.3)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.0.25+git20150528-1ubuntu2.16.04.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Upstream: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
https://gitlab.com/sane-project/backends/-/releases/1.0.30
https://usn.ubuntu.com/usn/usn-4470-1
NVD
Launchpad
Debian

Bugs

https://gitlab.com/sane-project/backends/-/issues/279
https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM