Date: Mon, 15 Feb 2016 10:44:58 +0100
From: Stefan Cornelius <>
Subject: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability


A buffer-overflow vulnerability was discovered in the unhtmlify()
function of foomatic-rip. The function did not properly calculate
buffer sizes, possibly leading to a heap-based memory corruption. A
remote, unauthenticated attacker could exploit this flaw to cause
foomatic-rip to crash or possibly execute arbitrary code.

This is a rather old bug, which was fixed upstream a long time ago.

Fixed in:
rev 239 of the HEAD branch and rev 225 of the 4.0.x branch


Upstream bug:

RH bug:

Stefan Cornelius / Red Hat Product Security
