diff -up cups-1.2.4/filter/hpgl-input.c.CVE-2008-0053 cups-1.2.4/filter/hpgl-input.c
--- cups-1.2.4/filter/hpgl-input.c.CVE-2008-0053 2006-02-22 19:21:50.000000000 +0000
+++ cups-1.2.4/filter/hpgl-input.c 2008-03-20 15:29:57.000000000 +0000
@@ -3,6 +3,7 @@
 *
 * HP-GL/2 input processing for the Common UNIX Printing System (CUPS).
 *
+ * Copyright 2007-2008 by Apple Inc.
 * Copyright 1993-2006 by Easy Software Products.
 *
 * These coded instructions, statements, and computer programs are the
@@ -56,6 +57,7 @@ ParseCommand(FILE *fp, /* I - File to
 i; /* Looping var */
 char buf[262144], /* String buffer */
 *bufptr; /* Pointer into buffer */
+ float temp; /* Temporary parameter value */
 static param_t p[MAX_PARAMS]; /* Parameter buffer */
@@ -214,10 +216,10 @@ ParseCommand(FILE *fp, /* I - File to
 case '-' :
 case '+' :
 ungetc(ch, fp);
- fscanf(fp, "%f", &(p[num_params].value.number));
- if (num_params < MAX_PARAMS)
+ if (fscanf(fp, "%f", &temp) == 1 && num_params < MAX_PARAMS)
 {
- p[num_params].type = PARAM_RELATIVE;
+ p[num_params].type = PARAM_RELATIVE;
+ p[num_params].value.number = temp;
 num_params ++;
 }
 break;
@@ -233,10 +235,10 @@ ParseCommand(FILE *fp, /* I - File to
 case '9' :
 case '.' :
 ungetc(ch, fp);
- fscanf(fp, "%f", &(p[num_params].value.number));
- if (num_params < MAX_PARAMS)
+ if (fscanf(fp, "%f", &temp) == 1 && num_params < MAX_PARAMS)
 {
- p[num_params].type = PARAM_ABSOLUTE;
+ p[num_params].type = PARAM_ABSOLUTE;
+ p[num_params].value.number = temp;
 num_params ++;
 }
 break;
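Review bot: In the `case '-'` / `case '+'` branch (hunk @@ -214,10) the new condition folds two different outcomes into one silent skip: fscanf() failing to parse a number, and a well-formed number arriving when `num_params` has already reached `MAX_PARAMS`. Nothing in the hunk records why the value now goes through `temp`, so I would add a comment above the `if`, e.g. `/* Parse into a local first: p[] has MAX_PARAMS slots and must not be written once it is full. */`, so the temporary is not later folded back into a direct store. The same comment belongs on the digit / `'.'` branch in hunk @@ -233,10. ParseCommand's other stores into `p[num_params]` lie outside these hunks; presumably they carry the same `num_params < MAX_PARAMS` guard, but that is worth confirming as part of this fix.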