blob: e20176743b7b3153ce5f3efeb51f27529429c695 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200710-12">
<title>T1Lib: Buffer overflow</title>
T1Lib is vulnerable to a buffer overflow allowing for the user-assisted
execution of arbitrary code.
<product type="ebuild">t1lib</product>
<announced>October 12, 2007</announced>
<revised>October 12, 2007: 01</revised>
<package name="media-libs/t1lib" auto="yes" arch="*">
<unaffected range="ge">5.0.2-r1</unaffected>
<vulnerable range="lt">5.0.2-r1</vulnerable>
T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.
Hamid Ebadi discovered a boundary error in the
intT1_EnvGetCompletePath() function which can lead to a buffer overflow
when processing an overly long filename.
<impact type="normal">
A remote attacker could entice a user to open a font file with a
specially crafted filename, possibly leading to the execution of
arbitrary code with the privileges of the user running the application
using T1Lib.
There is no known workaround at this time.
All T1Lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/t1lib-5.0.2-r1&quot;</code>
<uri link="">CVE-2007-4033</uri>
<metadata tag="requester" timestamp="Wed, 26 Sep 2007 12:38:38 +0000">
<metadata tag="bugReady" timestamp="Wed, 26 Sep 2007 12:39:08 +0000">
<metadata tag="submitter" timestamp="Mon, 08 Oct 2007 00:05:38 +0000">