A new vulnerability has been discovered in the libraries provided by cpdb-libs, which are commonly used to implement print dialogs and to abstract the dialogs used in graphical toolkits and applications. These libraries support various printing technologies including CUPS/IPP, cloud services, and more, and are widely used in applications such as GTK, Qt, LibreOffice, Firefox and Chromium.
The vulnerability, revealed in a recent advisory, is a buffer overflow that occurs while processing external data. It is caused by the widespread use of the scanf and fscanf functions in the code to copy data into fixed-size buffers without checking or limiting the size of the copied data.
The problem can be fixed by applying patches that replace unbounded calls, such as the scanf call that reads file_path, printer_id and back_end_name, with width-limited calls of the form ‘scanf("%1023s", buf)’. The correction is so far available in the form of patches.
Users are advised to apply the patches in order to prevent this vulnerability from being exploited. Further information and patches can be found on the OpenPrinting GitHub page.
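As an added example (not code from cpdb-libs or from the advisory), the C sketch below applies the ‘%1023s’ width described above to fscanf and also handles the case the width alone leaves open: an over-long token is cut at 1023 characters, and its tail would otherwise be read as the next field. The names read_token, demo and next_field and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024               /* "%1023s" = 1023 characters + the NUL */
char next_field[BUF_SIZE];          /* second token seen by demo() */

/* Unbounded pattern, for contrast only:  fscanf(fp, "%s", buf);
 * A token of BUF_SIZE bytes or more is written past the end of buf.
 *
 * read_token() reads one whitespace-delimited token with the width limit.
 * Returns 1 on success, 0 on EOF, -1 if the token exceeded the buffer; the
 * tail of an over-long token is drained so it is not misread as a field. */
int read_token(FILE *fp, char buf[BUF_SIZE])
{
    if (fscanf(fp, "%1023s", buf) != 1)
        return 0;
    int c = fgetc(fp);
    if (c == EOF || isspace(c)) {   /* token ended inside the limit */
        if (c != EOF) ungetc(c, fp);
        return 1;
    }
    while (c != EOF && !isspace(c)) /* discard the rest of the token */
        c = fgetc(fp);
    buf[0] = '\0';
    return -1;
}

/* Constructed input: n 'A' characters, then the field "cups". Returns the
 * status of the first read and leaves the second token in next_field. */
int demo(size_t n)
{
    char buf[BUF_SIZE];
    FILE *fp = tmpfile();
    if (!fp) return -2;
    for (size_t i = 0; i < n; i++) fputc('A', fp);
    fputs(" cups\n", fp);
    rewind(fp);
    int status = read_token(fp, buf);
    if (read_token(fp, next_field) != 1) next_field[0] = '\0';
    fclose(fp);
    return status;
}

int main(void)
{
    printf("1023-byte token: status %d\n", demo(1023));
    printf("5000-byte token: status %d\n", demo(5000));
    printf("next field %s\n", strcmp(next_field, "cups") == 0 ? "intact" : "corrupted");
    return 0;
}
```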