Date: Mon, 15 Feb 2016 10:44:58 +0100
From: Stefan Cornelius <>
Subject: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability


A buffer-overflow vulnerability was discovered in the unhtmlify()
function of foomatic-rip. The function did not properly calculate
buffer sizes, possibly leading to a heap-based memory corruption. A
remote, unauthenticated attacker could exploit this flaw to cause
foomatic-rip to crash or possibly execute arbitrary code.

This is a rather old bug, which was fixed upstream a long time ago.

Fixed in:
rev 239 of the HEAD branch and rev 225 of the 4.0.x branch


Upstream bug:

RH bug:

Stefan Cornelius / Red Hat Product Security
