CVE-2007-4033

Publication date 27 July 2007

Last updated 24 July 2024


Ubuntu priority

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

From the Ubuntu Security Team

It was discovered that t1lib does not properly perform bounds checking, which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib, which could result in a DoS or arbitrary code execution.


Status

Package       Ubuntu Release     Status
t1lib         7.04 feisty        Fixed 5.1.0-2ubuntu0.7.04.1
t1lib         6.10 edgy          Fixed 5.1.0-2ubuntu0.6.10.1
t1lib         6.06 LTS dapper    Fixed 5.1.0-2ubuntu0.6.06.1
tetex-bin     7.10 gutsy         Not in release
tetex-bin     7.04 feisty        Not affected
tetex-bin     6.10 edgy          Not affected
tetex-bin     6.06 LTS dapper    Not affected
texlive-bin   7.10 gutsy         Not affected
texlive-bin   7.04 feisty        Not affected
texlive-bin   6.10 edgy          Not affected
texlive-bin   6.06 LTS dapper    Not in release

Notes


jdstrand

while tetex-bin and texlive-bin have embedded t1lib code, it's not used

References

Related Ubuntu Security Notices (USN)

    • USN-515-1: t1lib vulnerability, 19 September 2007

Other references