Package: pixmap
Version: 2.6pl4-14.2
Severity: normal

Hi,
While scanning some packages I found the following piece of code which leads
to a buffer overflow when an overly long HOME env var is used.
Affected code (PixEdit.c):
> char filename[256];
>
>
> /* first try to open in local dir */
> if (!(colorfile = fopen(fname, "r")))
> { /* try in homedir */
> sprintf(filename, "%s/%s", getenv("HOME"), fname);
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
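
A bounded version of the home-directory fallback quoted in the report, as an added example that is not part of the original report or of pixmap's source. The helper names `build_home_path` and `open_color_file` are hypothetical; the 256-byte buffer and the `"%s/%s"` format match the excerpt.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from PixEdit.c): write "<home>/<fname>" into out.
 * Returns 0 on success, -1 if home is NULL or the result does not fit. */
int build_home_path(char *out, size_t outlen, const char *home, const char *fname)
{
    int n;

    if (out == NULL || outlen == 0 || fname == NULL)
        return -1;
    out[0] = '\0';
    if (home == NULL)   /* getenv("HOME") may return NULL; "%s" with NULL is undefined */
        return -1;

    /* snprintf never writes more than outlen bytes and reports the length
     * the full string would have needed, so truncation is detectable. */
    n = snprintf(out, outlen, "%s/%s", home, fname);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';  /* do not hand a truncated path to fopen() */
        return -1;
    }
    return 0;
}

/* Same lookup order as the excerpt: local directory first, then $HOME. */
FILE *open_color_file(const char *fname)
{
    char filename[256];
    FILE *colorfile = fopen(fname, "r");

    if (colorfile == NULL &&
        build_home_path(filename, sizeof filename, getenv("HOME"), fname) == 0)
        colorfile = fopen(filename, "r");
    return colorfile;
}

int main(void)
{
    char buf[256];

    if (build_home_path(buf, sizeof buf, getenv("HOME"), "colors.txt") == 0)
        printf("would try: %s\n", buf);
    else
        printf("HOME unset or path too long; home directory skipped\n");
    return 0;
}
```

An over-long HOME makes the helper fail cleanly instead of writing past `filename`, and the caller simply skips the home-directory attempt.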

