Package: xsane-common Version: 0.999 Severity: normal Dear Maintainer,
It seems that there exists potential Buffer Overflow in src/xsane-save.c In line 522, items_done = fscanf(file, "%d %d", &image_info->image_width, &image_info->image_height); image_info.image_width is read from external source. In line 2414 of src/xsane-viewer.c, row = malloc(((int) image_info.image_width * v->zoom) * image_info.channels); image_info.image_width is being multiplied with v->zoom and image_info.channels. If image_info.image_width is large enough, this can cause integer overflow. -- System Information: Debian Release: 11.0 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-19041-Microsoft Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
