Debian Security Advisory
DLA-256-1 t1utils -- LTS security update
- Date Reported: 29 Jun 2015
- Affected Packages: t1utils
- Vulnerable: Yes
- Security database references: In the Debian bugtracking system: Bug 779274. In Mitre's CVE dictionary: CVE-2015-3905.
- More information:
Jakub Wilk found a vulnerability in the Type 1 font manipulation programs, t1utils:
- CVE-2015-3905
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
For Debian 6 Squeeze, this issue has been fixed in t1utils version 1.36-1+deb6u1.