{"id":"CVE-2023-46047","details":"An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.","modified":"2026-03-14T12:15:11.733349Z","published":"2024-03-27T05:15:47.500Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/176818/sane-1.2.1-Null-Pointer.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Jan/64"},{"type":"REPORT","url":"https://gitlab.com/sane-project/backends/-/issues/708"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}