CVE-2020-12865
sane-backends: Heap buffer overflow in esci2_img
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
Un desbordamiento del búfer de la pila en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la víctima ejecutar código arbitrario, también se conoce como GHSL-2020-084
A flaw was found in sane-backends in versions prior to 1.0.30. A heap buffer overflow in the esci2_img function could lead to a remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-14 CVE Reserved
- 2020-06-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html | Mailing List | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2020-075-libsane | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html | 2022-11-08 | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html | 2022-11-08 | |
| https://usn.ubuntu.com/4470-1 | 2022-11-08 | |
| https://access.redhat.com/security/cve/CVE-2020-12865 | 2020-07-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1850598 | 2020-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sane-project Search vendor "Sane-project" | Sane Backends Search vendor "Sane-project" for product "Sane Backends" | < 1.0.30 Search vendor "Sane-project" for product "Sane Backends" and version " < 1.0.30" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||