
Bug#1038253: cpdb-libs: CVE-2023-34095



Source: cpdb-libs
Version: 1.2.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cpdb-libs.

CVE-2023-34095[0]:
| cpdb-libs provides frontend and backend libraries for the Common
| Printing Dialog Backends (CPDB) project. In versions 1.0 through
| 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use
| of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions
| to parse command lines and configuration files, dropping the read
| string components into fixed-length buffers, but does not limit the
| length of the strings to be read by `fscanf()` and `scanf()` causing
| buffer overflows when a string is longer than 1023 characters. A
| patch for this issue is available at commit
| f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a
| length of 1024 characters, the patch limits the maximum string
| length to be read to 1023 by replacing all occurrences of `%s` with
| `%1023s` in all calls of the `fscanf()` and `scanf()` functions.

Note that 1.2.x predates the commit 3f66d47252d5 ("print_frontend: Use
larger and more easily adjustable string buffers") and so the older
version is only using buffers of 100 characters of length.

Additionally, the fix basically consists of searching for all 'fscanf()'
and 'scanf()' usages and replacing the '%s' occurrences accordingly.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34095
    https://www.cve.org/CVERecord?id=CVE-2023-34095
[1] https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x

Regards,
Salvatore
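Added example (not part of the bug report and not cpdb-libs code): the
pattern the CVE text describes, an unbounded `%s` into a fixed buffer,
next to the `%1023s`-style fix, written as a small "key value" config-line
parser. The macro names, the field helpers and the constructed sample
line are assumptions for illustration. It also shows the caveat the width
bound alone does not cover: scanf stops after 1023 characters but leaves
the rest of the token in the input, where the next conversion silently
consumes it, so the bounded reader reports truncation instead of
accepting a split token.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Buffer size and scanf width are derived from one constant so they cannot
 * drift apart (the upstream fix hard-codes 1024-byte buffers and %1023s). */
#define FIELD_WIDTH 1023
#define FIELD_SIZE  (FIELD_WIDTH + 1)
#define XSTR(x) #x
#define STR(x)  XSTR(x)
#define FIELD_FMT "%" STR(FIELD_WIDTH) "s"   /* expands to "%1023s" */

enum field_status { FIELD_EMPTY = -1, FIELD_OK = 0, FIELD_TRUNCATED = 1 };

/* The vulnerable shape: an unbounded %s into a fixed-size buffer.
 * Any token of FIELD_SIZE or more characters overruns `key`/`value`.
 * Kept only for comparison; never call it on untrusted input. */
static int parse_kv_unbounded(const char *line, char key[FIELD_SIZE],
                              char value[FIELD_SIZE])
{
    return sscanf(line, "%s %s", key, value);
}

/* Hardened read of one whitespace-delimited token. The width bound makes
 * sscanf stop after FIELD_WIDTH characters, so `out` cannot overflow.
 * Since scanf then leaves the rest of the token in the input, where the
 * next conversion would silently pick it up, truncation is reported too:
 * the field is full and the next input character is not a delimiter. */
static enum field_status read_field(const char *in, char out[FIELD_SIZE],
                                    int *consumed)
{
    int n = 0;
    out[0] = '\0';
    if (sscanf(in, FIELD_FMT "%n", out, &n) != 1)
        return FIELD_EMPTY;
    *consumed = n;
    if (strlen(out) == FIELD_WIDTH && in[n] != '\0' &&
        !isspace((unsigned char)in[n]))
        return FIELD_TRUNCATED;
    return FIELD_OK;
}

/* Hardened "key value" parser: returns 2 on success, 0 if either field is
 * missing or truncated, so an over-long key cannot masquerade as a value. */
static int parse_kv_bounded(const char *line, char key[FIELD_SIZE],
                            char value[FIELD_SIZE])
{
    int used = 0;
    if (read_field(line, key, &used) != FIELD_OK)
        return 0;
    if (read_field(line + used, value, &used) != FIELD_OK)
        return 0;
    return 2;
}

/* Constructed sample input (assumption, not a real cpdb config): a line
 * "<key> on" whose key is key_len 'A' characters. Returns the number of
 * fields parse_kv_bounded accepted; the parsed key is left in key_out. */
static int demo_line(size_t key_len, char key_out[FIELD_SIZE])
{
    static char line[4096];
    char value[FIELD_SIZE];
    if (key_len > sizeof line - 4)
        key_len = sizeof line - 4;
    memset(line, 'A', key_len);
    memcpy(line + key_len, " on", 4);          /* " on" plus terminating NUL */
    return parse_kv_bounded(line, key_out, value);
}

int main(void)
{
    char key[FIELD_SIZE], value[FIELD_SIZE];
    int fields;

    /* The unbounded form only stays in bounds because this line is short. */
    fields = parse_kv_unbounded("Debug on", key, value);
    printf("unbounded, short input: fields=%d\n", fields);

    fields = demo_line(10, key);
    printf("bounded, 10-byte key:   fields=%d len=%zu\n", fields, strlen(key));

    fields = demo_line(2000, key);
    printf("bounded, 2000-byte key: fields=%d len=%zu (cut at %d, rejected)\n",
           fields, strlen(key), FIELD_WIDTH);
    return 0;
}
```

With 100-byte buffers, as in the 1.2.x packages mentioned above, the same
construction applies with FIELD_WIDTH set to 99; the point of deriving the
format string from the buffer constant is that a later buffer resize cannot
leave a stale width behind.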

