CVE-2007-4033

Name: CVE-2007-4033
Description: Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1390-1
NVD severity: high (attack range: remote)
Debian Bugs: 439927
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release                      Version           Status
t1lib (PTS)     squeeze (security), squeeze  5.1.2-3+squeeze1  fixed
                wheezy                       5.1.2-3.6         fixed

The information above is based on the following data on fixed versions.

Package  Type    Release     Fixed Version  Urgency  Origin      Debian Bugs
t1lib    source  (unstable)  5.1.0-3        high                 439927
t1lib    source  etch        5.1.0-2etch1   high     DSA-1390-1
t1lib    source  sarge       5.0.2-3sarge1  high     DSA-1390-1

Notes

originally posted as a php vuln, actually in libt1
http://www.securityfocus.com/bid/25079 (particularly the discussions)
