
T1Lib: Buffer overflow


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200710-12 / t1lib
Release Date: October 12, 2007
Latest Revision: October 12, 2007: 01
Impact: normal
Exploitable: remote

Package: media-libs/t1lib
Vulnerable versions: < 5.0.2-r1
Unaffected versions: >= 5.0.2-r1
Architecture(s): All supported architectures

Related bugreports: #193437


T1Lib is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code.

2.  Impact Information


T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.


Hamid Ebadi discovered a boundary error in the intT1_EnvGetCompletePath() function which can lead to a buffer overflow when processing an overly long filename.


A remote attacker could entice a user to open a font file with a specially crafted filename, possibly leading to the execution of arbitrary code with the privileges of the user running the application using T1Lib.

3.  Resolution Information


There is no known workaround at this time.


All T1Lib users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.0.2-r1"
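
The affected range above (< 5.0.2-r1) turns on the -r1 revision, so a check that compares only the upstream 5.0.2 part would report a still-vulnerable install as fixed. The following is an added example, not part of the advisory: the function names are hypothetical, the sample versions are constructed, and it assumes versions of the form N[.N...][-rN].

```shell
# Added example, not part of the advisory. Only the package name and the
# version boundary come from the advisory; the function names are made up.
# Assumption: versions look like N[.N...][-rN] without leading zeros;
# suffixes such as _p1 or _rc2 are rejected rather than guessed at.

FIXED="5.0.2-r1"   # first unaffected media-libs/t1lib version per the GLSA

# parse_ver VER: sets V_BASE (dotted part) and V_REV (revision, default 0).
parse_ver() {
    V_BASE=${1%-r*}
    V_REV=0
    [ "$V_BASE" = "$1" ] || V_REV=${1##*-r}
    case "$V_BASE" in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 2 ;;
    esac
    case "$V_REV" in ''|*[!0-9]*) return 2 ;; esac
}

# version_lt A B: returns 0 if A < B, 1 if A >= B, 2 if either is unparsable.
version_lt() {
    parse_ver "$1" || return 2
    a=$V_BASE; ra=$V_REV
    parse_ver "$2" || return 2
    b=$V_BASE; rb=$V_REV
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    # Shared components are equal: the version with more components is newer.
    [ -z "$a" ] && [ -n "$b" ] && return 0
    [ -n "$a" ] && return 1
    [ "$ra" -lt "$rb" ]
}

# t1lib_vulnerable VER: 0 = vulnerable, 1 = not affected, 2 = unparsable.
t1lib_vulnerable() { version_lt "$1" "$FIXED"; }

# Constructed sample versions, not read from a real system.
for v in 5.0.2 5.0.2-r1 5.1.0 5.0.2_p1; do
    rc=0; t1lib_vulnerable "$v" || rc=$?
    case $rc in
        0) echo "$v: vulnerable, upgrade to >=$FIXED" ;;
        1) echo "$v: not affected" ;;
        *) echo "$v: unrecognised version format, check manually" ;;
    esac
done
```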

4.  References


Page updated October 12, 2007
