PT-2024-13325 · Sane+1

Meng Ruijie · Published 2024-01-26 · Updated 2025-09-23 · CVE-2023-46052

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sane version 1.2.1
Description: The issue is a heap bounds overwrite in the init_options() function in backend/test.c, triggered by a long init mode string in a configuration file. The vulnerability is disputed because there is no expectation that the test.c backend code is run with an attacker-controlled configuration file.
Recommendations: For Sane version 1.2.1, consider restricting access to the init_options() function or limiting the length of the init mode string accepted from configuration files to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
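The length limit the recommendation asks for, as an added illustration that is not SANE's own code: a hypothetical parser for an "init_mode <value>" configuration line that rejects a value too long for an assumed 32-byte heap buffer instead of copying it unchecked.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical size of the heap buffer that receives the init mode value;
 * the advisory does not state the limit actually used in backend/test.c. */
#define INIT_MODE_MAX 32

enum mode_status { MODE_OK = 0, MODE_NOT_MODE_LINE, MODE_TOO_LONG, MODE_NO_MEM };

/* Parse one config line of the hypothetical form "init_mode <value>". On
 * success *out is a fresh INIT_MODE_MAX-byte heap buffer holding the value.
 * A value that would not fit (NUL included) is rejected before any copy; an
 * unchecked strcpy() here is the heap bounds overwrite the advisory describes. */
enum mode_status parse_init_mode_line(const char *line, char **out) {
    static const char key[] = "init_mode";
    size_t klen = sizeof key - 1, vlen;
    const char *p;
    *out = NULL;
    if (strncmp(line, key, klen) != 0 || !isspace((unsigned char)line[klen]))
        return MODE_NOT_MODE_LINE;
    for (p = line + klen; isspace((unsigned char)*p); p++) {}            /* skip separator */
    for (vlen = strlen(p); vlen > 0 && isspace((unsigned char)p[vlen - 1]); vlen--) {} /* trim */
    if (vlen >= INIT_MODE_MAX)
        return MODE_TOO_LONG;                 /* reject rather than truncate silently */
    if ((*out = malloc(INIT_MODE_MAX)) == NULL)
        return MODE_NO_MEM;
    memcpy(*out, p, vlen);
    (*out)[vlen] = '\0';
    return MODE_OK;
}

int main(void) {
    /* Constructed sample lines: an acceptable value, an over-long one, an unrelated key. */
    const char *lines[] = { "init_mode default",
        "init_mode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "number_of_devices 2" };
    int rejected = 0;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        char *val = NULL;
        if (parse_init_mode_line(lines[i], &val) == MODE_TOO_LONG) rejected++;
        free(val);
    }
    return rejected == 1 ? 0 : 1;   /* exit 0 when exactly the over-long line is rejected */
}
```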

Related Identifiers

CVE-2023-46052
OESA-2024-1590

Affected Products

Debian
Sane