diff -up cups-1.2.12/filter/hpgl-input.c.CVE-2008-0053 cups-1.2.12/filter/hpgl-input.c
--- cups-1.2.12/filter/hpgl-input.c.CVE-2008-0053	2007-07-06 23:39:54.000000000 +0100
+++ cups-1.2.12/filter/hpgl-input.c	2008-04-01 16:56:26.000000000 +0100
@@ -3,6 +3,7 @@
  *
  *   HP-GL/2 input processing for the Common UNIX Printing System (CUPS).
  *
+ *   Copyright 2007-2008 by Apple Inc.
  *   Copyright 1993-2006 by Easy Software Products.
  *
  *   These coded instructions, statements, and computer programs are the
@@ -56,6 +57,7 @@ ParseCommand(FILE    *fp,	/* I - File to
 		i;		/* Looping var */
   char		buf[262144],	/* String buffer */
 		*bufptr;	/* Pointer into buffer */
+  float		temp;		/* Temporary parameter value */
   static param_t p[MAX_PARAMS];	/* Parameter buffer */
 
 
@@ -220,10 +222,10 @@ ParseCommand(FILE    *fp,	/* I - File to
       case '-' :
       case '+' :
           ungetc(ch, fp);
-          fscanf(fp, "%f", &(p[num_params].value.number));
-          if (num_params < MAX_PARAMS)
+          if (fscanf(fp, "%f", &temp) == 1 && num_params < MAX_PARAMS)
           {
-            p[num_params].type = PARAM_RELATIVE;
+            p[num_params].type         = PARAM_RELATIVE;
+            p[num_params].value.number = temp;
             num_params ++;
           }
           break;
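Review bot: The new guard `if (fscanf(fp, "%f", &temp) == 1 && num_params < MAX_PARAMS)` bounds the write into `p[]`, but nothing checks the parsed value itself before it is stored in `value.number`. After a leading `+` or `-`, `%f` on common C libraries also accepts `inf` and `nan` spellings, and an out-of-range literal may come back as infinity, so a non-finite `temp` can become a parameter; consider `fscanf(fp, "%f", &temp) == 1 && isfinite(temp) && num_params < MAX_PARAMS` (needs `<math.h>`), unless the consumers of `p[]`, which are not visible here, are known to tolerate such values. Failed conversions and parameters beyond `MAX_PARAMS` are both dropped silently, so a comment such as `/* Parse into temp first so p[] is never written at index MAX_PARAMS; excess parameters are discarded */` would record why the order matters. The same points apply to the `PARAM_ABSOLUTE` case in the following hunk, and the body of `ParseCommand` continues outside both hunks.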
@@ -239,10 +241,10 @@ ParseCommand(FILE    *fp,	/* I - File to
       case '9' :
       case '.' :
           ungetc(ch, fp);
-          fscanf(fp, "%f", &(p[num_params].value.number));
-          if (num_params < MAX_PARAMS)
+          if (fscanf(fp, "%f", &temp) == 1 && num_params < MAX_PARAMS)
           {
-            p[num_params].type = PARAM_ABSOLUTE;
+            p[num_params].type         = PARAM_ABSOLUTE;
+            p[num_params].value.number = temp;
             num_params ++;
           }
           break;