Hi,
It seems that there exists a potential buffer overflow, according to the following code:
|
char * ZOE = getenv("ZOE"); |
|
sprintf(path, "%s/HMM/%s", ZOE, file); |
getenv("ZOE") can be an arbitrary large number and cause buffer overflow while executing sprintf().
