CVE-2023-34095

Name: CVE-2023-34095

Description: cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Debian Bugs: 1038253

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| cpdb-libs (PTS) | bookworm | 1.2.0-2+deb12u1 | fixed |
| cpdb-libs (PTS) | sid, trixie | 2.0~b5-1.2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cpdb-libs | source | bookworm | 1.2.0-2+deb12u1 | | | |
| cpdb-libs | source | (unstable) | 1.2.0-3 | | | 1038253 |

Notes

https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
1.2.x versions predate the upstream commit 3f66d47252d5 ("print_frontend: Use
larger and more easily adjustable string buffers") and only use buffers of
100 characters in length.
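
The `%s` versus `%1023s` difference described above, as an added example (not cpdb-libs code; all names are hypothetical). It uses `sscanf()` on a constructed in-memory token, which follows the same conversion rules as `fscanf()` and `scanf()`, and derives the field width from a macro so that a buffer of another length, such as the 100-character buffers mentioned in the note, gets a matching width.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names for this example; not cpdb-libs identifiers. */
#define BUFSIZE 1024   /* buffer length stated in the advisory */
#define MAXLEN  1023   /* BUFSIZE - 1, leaves room for the NUL */
#define STR2(x) #x
#define STR(x)  STR2(x)   /* turns MAXLEN into the literal "1023" */

_Static_assert(MAXLEN == BUFSIZE - 1, "width must be buffer size minus one");

/* Vulnerable pattern, shown for comparison and never called: "%s" copies the
 * whole token, so anything longer than BUFSIZE - 1 bytes overruns buf. */
int parse_unbounded(const char *line, char buf[BUFSIZE])
{
    return sscanf(line, "%s", buf);
}

/* Patched pattern: the conversion stops after MAXLEN characters.
 * *used receives how many input bytes were consumed. */
int parse_bounded(const char *line, char buf[BUFSIZE], int *used)
{
    *used = 0;
    return sscanf(line, "%" STR(MAXLEN) "s%n", buf, used);
}

/* Builds a constructed token of `len` 'A' bytes, parses it with the bounded
 * format and returns the stored length (-1 on failure). *left receives the
 * number of token bytes the conversion did not consume. */
long stored_len(size_t len, size_t *left)
{
    char buf[BUFSIZE];
    int used = 0;
    char *line = malloc(len + 1);
    if (!line) return -1;
    memset(line, 'A', len);
    line[len] = '\0';
    int n = parse_bounded(line, buf, &used);
    *left = len - (size_t)used;
    free(line);
    return n == 1 ? (long)strlen(buf) : -1;
}

int main(void)
{
    size_t left;
    printf("stored %ld bytes\n", stored_len(4096, &left));
    return 0;
}
```

The bounded read truncates rather than rejects: the unread remainder of an over-long token is picked up by the next conversion, so callers that need whole tokens should treat a non-zero remainder as a parse error.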
