--- xli-1.17.0.orig/faces.c
+++ xli-1.17.0/faces.c
@@ -54,9 +54,15 @@
     if (! strcmp(buf, "\n"))
       break;
     if (!strncmp(buf, "FirstName:", 10))
-      strcpy(fname, buf + 11);
+      {
+	strncpy(fname, buf + 11, BUFSIZ - 1);
+	fname[BUFSIZ - 1] = '\0';
+      }
     else if (!strncmp(buf, "LastName:", 9))
-      strcpy(lname, buf + 10);
+      {
+	strncpy(lname, buf + 10, BUFSIZ - 1);
+	lname[BUFSIZ - 1] = '\0';
+      }
     else if (!strncmp(buf, "Image:", 6)) {
       if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) {
 	fprintf(stderr,"facesLoad: %s - Bad image\n", name);
@@ -117,7 +123,7 @@
   znocache(zf);
   image= newRGBImage(w, h, d);
   fname[strlen(fname) - 1]= ' ';
-  strcat(fname, lname);
+  strncat(fname, lname, BUFSIZ - strlen(fname) -1);
   fname[strlen(fname) - 1]= '\0';
   image->title= dupString(fname);