{"id":"CVE-2023-46052","details":"Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.","modified":"2026-03-14T12:20:53.880966Z","published":"2024-03-27T06:15:10.403Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/176823/sane-1.2.1-Buffer-Overflow.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2024/Jan/69"},{"type":"REPORT","url":"https://gitlab.com/sane-project/backends/-/issues/709"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46052.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}]}