Red Hat Security Advisory 2016-0491-01 - Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code.
1c8dbb1c6105619a657be78d0cb2ea781f9214a1e2082f02d87b336503f8acc9
Ubuntu Security Notice 2838-2 - Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
56d923dc67ea7b0970ba7700c4ef4792ff1937bcf61c1a5b9a7601482e34850e
Ubuntu Security Notice 2838-1 - Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.
b560d88e34610144153770fd0cccff1691bb1acc7f29695111c1cec3d2a1f8d2
Debian Linux Security Advisory 3419-1 - Adam Chester discovered that missing input sanitizing in the foomatic-rip print filter might result in the execution of arbitrary commands.
94cd49771e6aa657df7398d9d487b7a66ee1706dc6c10e0081ac4fe3310b04e9