Debian Security Advisory

DLA-256-1 t1utils -- LTS security update

Date Reported: 29 Jun 2015
Affected Packages: t1utils
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 779274. In Mitre's CVE dictionary: CVE-2015-3905.
More information:

Jakub Wilk found a vulnerability in the Type 1 font manipulation programs, t1utils:

  • CVE-2015-3905

    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

For Debian 6 Squeeze, this issue has been fixed in t1utils version 1.36-1+deb6u1.