🛡️ CVE-2023-34095
🔴 CVSS 9.8 — Critical ⚠️ Exploit Public CWE-121 NVD
9.8
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions.

Details

Severity CRITICAL
CVSS Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-121
Public Exploit ⚠️ Yes
Source NVD
Published 2023-06-14
Updated 2026-06-08
Modified 2025-04-10

Affected Packages

Software From version Fixed in
cpdb-libs

References

Exploit, Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2023/06/14/7
Exploit, Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2023/06/14/7

Similar Threats

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.