CVE-2023-34095
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-34095 affects versions 1.0 through 2.0b4 of cpdb-libs, the library used by the Common Printing Dialog Backends (CPDB) project. The vulnerability stems from the use of `scanf(3)` functions, specifically `fscanf()`, to parse command lines and configuration files. cpdb-libs does not enforce a limit on the length of strings read by these functions, resulting in buffer overflows when input strings exceed 1023 characters. The issue is addressed by a patch, available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7, which restricts the maximum string length to 1023 characters by replacing all occurrences of `%s` with `%1023s` in `fscanf()` and `scanf()` function calls.
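The pattern the summary describes, as an added C example (not code from cpdb-libs or the referenced commit): the bounded `%1023s` conversion reading into a buffer assumed here to be 1024 bytes. It goes one step beyond the patch by rejecting a token that hits the limit, because a bounded `%s` otherwise hands the remainder back as a separate token; `read_token`, `parse_sample` and the sample input are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024 /* assumed buffer size: 1023 characters plus the NUL */
struct result { int accepted, rejected; };

/* Unbounded form (not executed): fscanf(fp, "%s", buf) keeps writing until
 * whitespace, past the end of buf. The bounded read below returns 1 for a
 * token, 0 at end of input, and -1 for a token longer than 1023 characters,
 * whose remainder is discarded so it is not parsed as the next field. */
static int read_token(FILE *fp, char buf[BUF_SIZE])
{
    int c, too_long = 0;
    if (fscanf(fp, "%1023s", buf) != 1)
        return 0;
    if (strlen(buf) == BUF_SIZE - 1)   /* buffer full: did the token end? */
        while ((c = fgetc(fp)) != EOF && !isspace(c))
            too_long = 1;
    return too_long ? -1 : 1;
}

/* Hypothetical helper: parses the constructed input "lpr <token_len x 'A'> done"
 * and counts accepted and rejected tokens. */
static struct result parse_sample(size_t token_len)
{
    struct result res = {0, 0};
    char buf[BUF_SIZE];
    int r;
    FILE *fp = tmpfile();
    if (fp == NULL)
        return res;
    fputs("lpr ", fp);
    while (token_len-- > 0)
        fputc('A', fp);
    fputs(" done\n", fp);
    rewind(fp);
    while ((r = read_token(fp, buf)) != 0)
        if (r == 1) res.accepted++; else res.rejected++;
    fclose(fp);
    return res;
}

int main(void)
{
    struct result res = parse_sample(1500);
    printf("accepted=%d rejected=%d\n", res.accepted, res.rejected);
    return 0;
}
```

Without the length check in `read_token`, the 1500-character token would be accepted as two tokens of 1023 and 477 characters, which is memory-safe but can shift every later field in the parsed line.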