CVE-2023-34095

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34095
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34095.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-34095
Downstream
Related
  • GHSA-25j7-9gfc-f46x
Published
2023-06-14T17:15:09Z
Modified
2025-09-19T14:33:42.677266Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows caused by improper use of scanf(3). cpdb-libs uses the fscanf() and scanf() functions to parse command lines and configuration files, storing each string component it reads in a fixed-length buffer. Because the %s conversions in these calls carry no field width, the length of the string read is not limited, and a string longer than 1023 characters overflows its buffer. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of %s with %1023s in all calls of the fscanf() and scanf() functions; the field width does not count the terminating null byte that scanf() appends, so 1023 is the largest width that fits a 1024-character buffer.

References

Affected packages

Git / github.com/openprinting/cpdb-libs

Affected ranges

Type
GIT
Repo
https://github.com/openprinting/cpdb-libs
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

2.*

2.0b1
2.0b2
2.0b3
2.0b4
2.0b4-make-install-fix

v1.*

v1.0
v1.1.0
v1.1.1
v1.1.2
v1.2.0

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-34095-956e921e",
            "signature_type": "Function",
            "digest": {
                "function_hash": "297778589663011159871411707570250073467",
                "length": 9603.0
            },
            "target": {
                "file": "tools/cpdb-text-frontend.c",
                "function": "parse_commands"
            },
            "source": "https://github.com/openprinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2023-34095-a3466369",
            "signature_type": "Function",
            "digest": {
                "function_hash": "232966338657592711183676932280548400113",
                "length": 906.0
            },
            "target": {
                "file": "cpdb/cpdb-frontend.c",
                "function": "cpdbCreateBackendFromFile"
            },
            "source": "https://github.com/openprinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2023-34095-da8dde06",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "106794036159467215327277597002191485718",
                    "23193854750444549126078066877880927816",
                    "338651675975408133935376643316803609694",
                    "162373853481659372094129936452695625678"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "cpdb/cpdb-frontend.c"
            },
            "source": "https://github.com/openprinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7",
            "signature_version": "v1",
            "deprecated": false
        },
        {
            "id": "CVE-2023-34095-ddf26856",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "122545620169508653697406693138540789552",
                    "108915547300680994477333048624542876221",
                    "295221128182453447047860024575509422794",
                    "302264470336093369138288304698259310391",
                    "161949040231382404412122128039139019517",
                    "94858396277718629212562220820964687925",
                    "31252824578489826352601453837648186427",
                    "71446177774764291869674045545157515191",
                    "161949040231382404412122128039139019517",
                    "94858396277718629212562220820964687925",
                    "31252824578489826352601453837648186427",
                    "71446177774764291869674045545157515191",
                    "192030949156493069138108371082504196466",
                    "37095861634089093179979867148102994856",
                    "863660558288552468352377323504513764",
                    "8679477212816962098295845030672419177",
                    "250619041171601711182601396335288676696",
                    "99836368012289981515391380979436712557",
                    "187005659148798666127962626604709083711",
                    "133638183354996053566364304375861667013",
                    "219849838444385720399687506132658169805",
                    "37095861634089093179979867148102994856",
                    "266239721942633517916965294113297269823",
                    "262916681944601572094016398856680390096",
                    "300386944150622428455019629227379344009",
                    "196959151439333827279599493455690676594",
                    "107476737557323246688336900023974211427",
                    "106182792653690094475346480279854634318",
                    "94559193382025959770531184713386341188",
                    "37095861634089093179979867148102994856",
                    "140084739226547313294745664062273557961",
                    "100866938516751852487242277323176631590",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "144609594518403384412096965912380664596",
                    "251129584714971875539227781316205127518",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "295797932102456001046384618479489766913",
                    "211543538792690680875386027239917482304",
                    "306537661590699467677217381714403040636",
                    "213403425713573244208693012534765047194",
                    "152072419388656899305025084998215957070",
                    "320114597013239248632376315640156769583",
                    "175290426561552511417912156859632728735",
                    "49973291073676316557910543946841803253",
                    "73687723507852643824013838763015315893",
                    "40667000038014619933657882479172854132",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "119954457290280227390501670504260255915",
                    "211248547095882651444154145122345188873",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "119954457290280227390501670504260255915",
                    "211248547095882651444154145122345188873",
                    "25937852430926133441634500683578506427",
                    "59844347930284624071377892291531771255",
                    "78266111307139685024633741963574410880",
                    "313960617592559378863014630687392259173",
                    "317503117031408336993050654130976657185",
                    "206838088941503690089481211421624545014",
                    "333212204378775126692241160078591324891",
                    "111647880275916600011011818567035137199",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "98327796464223064819521415313127456791",
                    "75036259547255321147893003340475181500",
                    "263441093757429540630787189209421692222",
                    "332192444630658416440795229646529866807",
                    "102708848449663683735317305143425991496",
                    "293407645233539898199788365150489829433",
                    "100426448036662270792295986147398480606",
                    "91338103757426780022209618726718076117",
                    "15678492793605173768815323413055268194",
                    "307662414752684104056475533787035117599",
                    "73542825610169313253385791862768494758",
                    "237665369564621720188680558498107579781",
                    "106774402501951280733844852126535233933",
                    "202988017046104517283181814228852188504",
                    "93368060419869061223089492808401068012",
                    "291381435481829165952767397492194942981",
                    "143235693244026304598285045185591148505",
                    "275542263299851498984862611012992439810",
                    "245951318548024348645636357110324343851",
                    "256227670650225932157361770607620921334",
                    "282910213780405179110611161582853600864",
                    "261503629092636150751549676214919957518",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "270188947588424465749338399856574025536",
                    "256399756409349040138476497061894607557",
                    "23703340203303579631728621048116750194",
                    "273415055044872950707310312527702232409",
                    "239425966094912157489666006576165825781",
                    "145095005430919672467232746253880653242",
                    "136219085069321653160113892077290154368",
                    "276681953026538216868413675961503478333",
                    "24800396964920086196031198310422340534",
                    "108689596509916255840027302956634201662",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "173432935095784392798580885312674866630",
                    "158148248701463821219961654099399153930",
                    "161949040231382404412122128039139019517",
                    "45263197981756460370064659866356794989",
                    "173432935095784392798580885312674866630",
                    "158148248701463821219961654099399153930"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "tools/cpdb-text-frontend.c"
            },
            "source": "https://github.com/openprinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7",
            "signature_version": "v1",
            "deprecated": false
        }
    ]
}