DEBIAN-CVE-2023-34095
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-34095
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-34095.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-34095
- Upstream
- Published
- 2023-06-14T17:15:09Z
- Modified
- 2025-09-25T23:29:42.030882Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of
scanf(3). cpdb-libs uses thefscanf()andscanf()functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read byfscanf()andscanf()causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of%swith%1023sin all calls of thefscanf()andscanf()functions. - References
Affected packages
Debian:12 / cpdb-libs
Package
- Name
- cpdb-libs
- Purl
- pkg:deb/debian/cpdb-libs?arch=source
Debian:13 / cpdb-libs
Package
- Name
- cpdb-libs
- Purl
- pkg:deb/debian/cpdb-libs?arch=source
Debian:14 / cpdb-libs
Package
- Name
- cpdb-libs
- Purl
- pkg:deb/debian/cpdb-libs?arch=source