foomatic-combo-xml Buffer Overflow
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
foomatic-db-engine (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
Binary package hint: foomatic-db-engine
/usr/bin/
test case :
emanuel@
*** buffer overflow detected ***: foomatic-combo-xml terminated
emanuel@
*** buffer overflow detected ***: foomatic-combo-xml terminated
emanuel@
*** buffer overflow detected ***: foomatic-combo-xml terminated
the bug can be found at :
sprintf(
libdir, pid);
sprintf(
libdir, driver);
sprintf(
libdir);
sprintf(
libdir);
sprintf(
libdir);
sprintf(
libdir, direntry->d_name);
fix :
replace sprintf with snprintf.
visibility: private → public
security vulnerability: yes → no
Changed in foomatic-db-engine (Ubuntu):
status: New → Confirmed
Thanks for the report! Since Ubuntu already uses FORTIFY[1], these are already snprintf, and result in just an abort instead of an exploitable overflow.
[1] https://wiki.ubuntu.com/CompilerFlags
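
The fix proposed in the report, sketched as an added example (not code from foomatic-db-engine): a bounded formatter that also rejects truncated paths, since a plain sprintf-to-snprintf swap would silently shorten them. The helper name `path_printf`, the 64-byte buffer, the format string and the `/usr/share/foomatic` libdir value are assumptions; the page does not show the original arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed size; the page does not show the real buffer declarations. */
#define PATH_BUF 64

/*
 * Hypothetical helper: bounded formatting that treats truncation as an
 * error. snprintf alone never writes past the buffer, but it silently
 * cuts the string short, so the return value must be checked.
 * Returns 0 on success, -1 on truncation or formatting error.
 */
static int path_printf(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outlen == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    char long_name[256];        /* constructed oversized driver name */

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    /* Format string and libdir value are assumptions for illustration. */
    if (path_printf(path, sizeof(path), "%s/db/source/driver/%s.xml",
                    "/usr/share/foomatic", "ljet4") == 0)
        printf("ok: %s\n", path);
    if (path_printf(path, sizeof(path), "%s/db/source/driver/%s.xml",
                    "/usr/share/foomatic", long_name) != 0)
        fprintf(stderr, "rejected: path does not fit in %d bytes\n", PATH_BUF);
    return 0;
}
```

The same wrapper covers each of the listed call sites, whatever their arguments (`pid`, `driver`, `direntry->d_name`), because the length check does not depend on the format string.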