Debian DSA-1390-1 : t1lib - buffer overflow

high Nessus Plugin ID 27545

Synopsis

The remote Debian host is missing a security-related update.

Description

Hamid Ebadi discovered a buffer overflow in the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash an application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context.

Solution

Upgrade the t1lib package.

For the old stable distribution (sarge), this problem has been fixed in version 5.0.2-3sarge1.

For the stable distribution (etch), this problem has been fixed in version 5.1.0-2etch1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439927

https://www.debian.org/security/2007/dsa-1390

Plugin Details

Severity: High

ID: 27545

File Name: debian_DSA-1390.nasl

Version: 1.19

Type: local

Agent: unix

Published: 10/25/2007

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:t1lib, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/18/2007

Reference Information

CVE: CVE-2007-4033

BID: 25079

CWE: 119

DSA: 1390