diff -up libcdio-0.82/lib/driver/MSWindows/win32_ioctl.c.sprintf libcdio-0.82/lib/driver/MSWindows/win32_ioctl.c
--- libcdio-0.82/lib/driver/MSWindows/win32_ioctl.c.sprintf	2011-05-19 08:45:55.326672827 +0200
+++ libcdio-0.82/lib/driver/MSWindows/win32_ioctl.c	2011-05-19 08:46:00.008672826 +0200
@@ -35,7 +35,7 @@ static const char _rcsid[] = "$Id: win32
 #include "undocumented.h"
 #define FORMAT_ERROR(i_err, psz_msg) \
    psz_msg=(char *)LocalAlloc(LMEM_ZEROINIT, 255); \
-   sprintf(psz_msg, "error file %s: line %d (%s) %d\n", 
+   sprintf(psz_msg, "error file %.100s: line %d (%.100s) %d\n", 
 	   _FILE__, __LINE__, __PRETTY_FUNCTION__, i_err)
 #else
 #include <ddk/ntddcdrm.h>
diff -up libcdio-0.82/lib/driver/solaris.c.sprintf libcdio-0.82/lib/driver/solaris.c
--- libcdio-0.82/lib/driver/solaris.c.sprintf	2011-05-19 08:47:40.862672799 +0200
+++ libcdio-0.82/lib/driver/solaris.c	2011-05-19 09:05:47.204672524 +0200
@@ -1014,7 +1014,7 @@ cdio_get_devices_solaris (void)
 
     /* Check if this is a directory, if so it's probably Solaris media */
     if(S_ISDIR(st.st_mode)) {
-      sprintf(volpath, "%s/s0", globbuf.gl_pathv[i]);
+      snprintf(volpath, 256, "%s/s0", globbuf.gl_pathv[i]);
       if(stat(volpath, &st) == 0)
         cdio_add_device_list(&drives, volpath, &i_files);
 	}else
diff -up libcdio-0.82/src/cdda-player.c.sprintf libcdio-0.82/src/cdda-player.c
--- libcdio-0.82/src/cdda-player.c.sprintf	2011-05-19 08:54:48.151672692 +0200
+++ libcdio-0.82/src/cdda-player.c	2011-05-19 08:59:29.486672620 +0200
@@ -307,7 +307,7 @@ xperror(const char *psz_msg)
   }
   
   if (b_verbose) {
-    sprintf(line,"%s: %s", psz_msg, strerror(errno));
+    snprintf(line, 80, "%s: %s", psz_msg, strerror(errno));
     attron(A_STANDOUT);
     mvprintw(LINE_ACTION, 0, (char *) "error  : %s", line);
     attroff(A_STANDOUT);
@@ -715,7 +715,7 @@ display_status(bool b_status_only)
   if (!b_interactive) return;
 
   if (!b_cd) {
-    sprintf(line,"no CD in drive (%s)", psz_device);
+    snprintf(line, 80, "no CD in drive (%s)", psz_device);
 
   } else if (i_first_track == CDIO_CDROM_LEADOUT_TRACK) {
     sprintf(line,"CD has only data tracks");
@@ -725,7 +725,7 @@ display_status(bool b_status_only)
     cdio_audio_get_volume(p_cdio, &audio_volume);
     if (i_vol_port < 4) {
 	i_volume_level = rounded_div(audio_volume.level[i_vol_port]*100, 256);
-	sprintf(line,
+	snprintf(line, 80,
 		"track %2d - %02x:%02x of %s (%02x:%02x abs) %s volume: %d",
 		sub.track, sub.rel_addr.m, sub.rel_addr.s, 
 		cd_info[sub.track].length,
@@ -733,12 +733,12 @@ display_status(bool b_status_only)
 		mmc_audio_state2str(sub.audio_status),
 		i_volume_level);
       } else 
-	sprintf(line,"track %2d - %02x:%02x of %s (%02x:%02x abs) %s",
+	snprintf(line, 80, "track %2d - %02x:%02x of %s (%02x:%02x abs) %s",
 		sub.track, sub.rel_addr.m, sub.rel_addr.s,
 		cd_info[sub.track].length, sub.abs_addr.m, sub.abs_addr.s,
 		mmc_audio_state2str(sub.audio_status));
   } else {
-    sprintf(line,"%s", mmc_audio_state2str(sub.audio_status));
+    snprintf(line, 80, "%s", mmc_audio_state2str(sub.audio_status));
     
   }
 
@@ -979,7 +979,7 @@ display_tracks(void)
       s = cdio_audio_get_msf_seconds(&toc[i+1]) 
 	- cdio_audio_get_msf_seconds(&toc[i]);
       read_subchannel(p_cdio);
-      sprintf(line, "%2d  %02d:%02d  %s ", i, 
+      snprintf(line, 200, "%2d  %02d:%02d  %s ", i, 
 	      s / CDIO_CD_SECS_PER_MIN,  s % CDIO_CD_SECS_PER_MIN,
 	      ( ( sub.audio_status == CDIO_MMC_READ_SUB_ST_PLAY ||
 		  sub.audio_status == CDIO_MMC_READ_SUB_ST_PAUSED ) &&