BoF sscanf()
Submitted by Team w00t
Link to original bug (#796266)
Description
Hi Team,
https://github.com/GNOME/empathy/blob/master/libempathy-gtk/empathy-geometry.c#L229
i.e
sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);
The scanf() family's %s operation, without a limit specification, permits buffer overflows such as (CWE-120, CWE-20).
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
i.e
sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);
Request team to please have a look and advise for same.
Cheers Team w00t
Version: 3.25.x