Wireshark-bugs: [Wireshark-bugs] [Bug 12093] New: Insecure use of sprintf functions
Date: Sun, 07 Feb 2016 03:32:57 +0000
Bug ID 12093
Summary Insecure use of sprintf functions
Product Wireshark
Version 2.0.1
Hardware All
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Qt UI
Assignee bugzilla-admin@wireshark.org
Reporter wireshark_hammerhead@grr.la

Build Information:
N/A
--
Static code analysis of wireshark 2.0.1 reveals several buffer overflow bugs in
the QT user interface's capture_file_dialog.cpp source.

wireshark-2.0.1/ui/qt/capture_file_dialog.cpp:835: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.

        preview_first_.setText(QString().sprintf(

wireshark-2.0.1/ui/qt/capture_file_dialog.cpp:853: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.

        preview_elapsed_.setText(QString().sprintf("%02u days %02u:%02u:%02u",

wireshark-2.0.1/ui/qt/capture_file_dialog.cpp:856: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.


You are receiving this mail because:
  • You are watching all bug changes.