GNOME Bugzilla – Bug 796266
BoF sscanf()
Last modified: 2018-05-22 19:19:56 UTC
Hi Team,

https://github.com/GNOME/empathy/blob/master/libempathy-gtk/empathy-geometry.c#L229

i.e. sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);

The scanf() family's %s operation, without a limit specification, permits buffer overflows such as (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.

i.e. sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);

Request the team to please have a look and advise on the same.

Cheers
Team w00t
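The advice quoted in the report (give %s a limit, keep the format out of an attacker's reach) as an added C example, not code from Empathy or from the reporter. The "name x,y,w,h" input layout, EXAMPLE_FORMAT, struct geometry and parse_geometry are hypothetical, since the page does not show what GEOMETRY_POSITION_FORMAT expands to.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 15               /* buffer holds 15 chars + NUL */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Constructed format for this example (the page does not show what
 * GEOMETRY_POSITION_FORMAT expands to). Every conversion has a width:
 * %15s cannot overrun name[16], %9d always fits in a 32-bit int. */
#define EXAMPLE_FORMAT "%" STR(NAME_MAX_CHARS) "s %9d,%9d,%9d,%9d%n"

struct geometry {
    char name[NAME_MAX_CHARS + 1];
    int x, y, w, h;
};

/* Parse "<name> x,y,w,h". Returns 0 on success, -1 on malformed input.
 * The format string is a compile-time constant, never input-derived. */
int parse_geometry(const char *str, struct geometry *g)
{
    int used = 0;

    if (str == NULL || g == NULL)
        return -1;
    memset(g, 0, sizeof *g);
    /* All five conversions must succeed; %n is not counted. */
    if (sscanf(str, EXAMPLE_FORMAT, g->name,
               &g->x, &g->y, &g->w, &g->h, &used) != 5)
        return -1;
    if (str[used] != '\0')              /* trailing bytes: reject */
        return -1;
    if (g->w <= 0 || g->h <= 0)         /* semantic range check */
        return -1;
    return 0;
}

int main(void)
{
    struct geometry g;
    const char *samples[] = {           /* constructed sample inputs */
        "main-window 10,20,640,480",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1,2,3,4",
        "chat 10,20,640",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s -> %d\n", samples[i], parse_geometry(samples[i], &g));
    return 0;
}
```

The over-long name is cut at 15 characters and the parse then fails on the next conversion, so the input is rejected without writing past the buffer.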
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/empathy/issues/910.