Gentoo Logo

T1Lib: Buffer overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200710-12 / t1lib
Release Date October 12, 2007
Latest Revision October 12, 2007: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-libs/t1lib < 5.0.2-r1 >= 5.0.2-r1 All supported architectures

Related bugreports: #193437

Synopsis

T1Lib is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code.

2.  Impact Information

Background

T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.

Description

Hamid Ebadi discovered a boundary error in the intT1_EnvGetCompletePath() function which can lead to a buffer overflow when processing an overly long filename.

Impact

A remote attacker could entice a user to open a font file with a specially crafted filename, possibly leading to the execution of arbitrary code with the privileges of the user running the application using T1Lib.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All T1Lib users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.0.2-r1"

4.  References

Print

Page updated October 12, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.