A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Reference: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
Created mingw-sane-backends tracking bugs for this issue: Affects: fedora-all [bug 1848099] Created sane-backends tracking bugs for this issue: Affects: fedora-all [bug 1848098]
External References: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
Upstream patch: https://gitlab.com/sane-project/backends/-/commit/4c9e4efd4a82214719eeb1377a900e3a85c1c369
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12867
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1744 https://access.redhat.com/errata/RHSA-2021:1744