CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability

[Stefan Cornelius <scorneli () redhat com>]

Hi,

A buffer-overflow vulnerability was discovered in the unhtmlify()
function of foomatic-rip. The function did not properly calculate
buffer sizes, possibly leading to a heap-based memory corruption. A
remote, unauthenticated attacker could exploit this flaw to cause
foomatic-rip to crash or possibly execute arbitrary code.

This is a rather old bug, which was fixed upstream a long time ago.

Fixed in:
rev 239 of the HEAD branch and rev 225 of the 4.0.x branch

References:

Upstream bug:
https://bugs.linuxfoundation.org/show_bug.cgi?id=515

RH bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1218297

Thanks,
-- 
Stefan Cornelius / Red Hat Product Security