Red Hat Security Advisory 2016-0491-01 - Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code.
1c8dbb1c6105619a657be78d0cb2ea781f9214a1e2082f02d87b336503f8acc9
Ubuntu Security Notice 2831-1 - Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
13fc9a5b7a351043ce247a20ce0df124cc06ec74262ddd5dc735be8d877cadc9
Ubuntu Security Notice 2831-2 - Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
c7505bab251e5fe1f41a4e43073792ba3d27df28a6997befef75ff9cb5d7f178
Debian Linux Security Advisory 3411-1 - Michal Kowalczyk discovered that missing input sanitizing in the foomatic-rip print filter might result in the execution of arbitrary commands.
115f5c398e30dbc11ada3adb77eb84a593571a1601061db9c9cf98ec628f5f80