*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: foomatic-db-engine /usr/bin/foomatic-combo-xml write data given by parameters to fixed char[1024] with sprintf which can trigger buffer overflow . test case : emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -l `python -c "print 'A'*1007"` *** buffer overflow detected ***: foomatic-combo-xml terminated emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -p `python -c "print 'A'*244"` -d 1 *** buffer overflow detected ***: foomatic-combo-xml terminated emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -p 1 -d `python -c "print 'A'*983"` *** buffer overflow detected ***: foomatic-combo-xml terminated the bug can be found at : sprintf(printerfilename, "%s/db/source/printer/%s.xml", libdir, pid); sprintf(driverfilename, "%s/db/source/driver/%s.xml", libdir, driver); sprintf(optiondirname, "%s/db/source/opt", libdir); sprintf(driverdirname, "%s/db/source/driver", libdir); sprintf(printerdirname, "%s/db/source/printer", libdir); sprintf(optionfilename, "%s/db/source/opt/%s", libdir, direntry->d_name); fix : replace sprintf to snprintf. ** Affects: foomatic-db-engine (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/783603 Title: foomatic-combo-xml Buffer Overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs