CVE-2015-3905

Name: CVE-2015-3905
Description: Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-256-1
Debian Bugs: 779274

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| t1utils (PTS) | buster | 1.41-3 | fixed |
| t1utils (PTS) | sid, trixie, bookworm, bullseye | 1.41-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| t1utils | source | squeeze | 1.36-1+deb6u1 | | DLA-256-1 | |
| t1utils | source | (unstable) | 1.38-4 | | | 779274 |

Notes

[wheezy] - t1utils <no-dsa> (Minor issue)
https://github.com/kohler/t1utils/issues/4
https://www.openwall.com/lists/oss-security/2015/05/13/9
