CVE-2007-4033

Name	CVE-2007-4033
Description	Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1390-1
Debian Bugs	439927

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
t1lib	source	sarge	5.0.2-3sarge1	DSA-1390-1
t1lib	source	etch	5.1.0-2etch1	DSA-1390-1
t1lib	source	(unstable)	5.1.0-3		439927

Notes

originally posted as a php vuln, actually in libt1
http://www.securityfocus.com/bid/25079 (particularly the discussions)