The bug is a simple buffer overflow in scan/sane/bb_ledm.c
There is a six character buffer that expects to contain an integer from an HTTP connection that is terminated with a "\r\n". But there's no checking if something else is read. In this case "HTTP/1." has been read before the crash.
I can't seem to work out where the hplip source code is managed or how to file a bug so the developers of it can fix this...
The bug is a simple buffer overflow in scan/sane/bb_ledm.c
There is a six character buffer that expects to contain an integer from an HTTP connection that is terminated with a "\r\n". But there's no checking if something else is read. In this case "HTTP/1." has been read before the crash.
I can't seem to work out where the hplip source code is managed or how to file a bug so the developers of it can fix this...