Debian Security Advisory
DLA-256-1 t1utils -- LTS security update
- Date Reported: 29 Jun 2015
- Affected Packages: t1utils
- Security database references:
  - In the Debian bugtracking system: Bug 779274.
  - In Mitre's CVE dictionary: CVE-2015-3905.
- More information:
Jakub Wilk found a vulnerability in the Type 1 font manipulation programs, t1utils:
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
For Debian 6 "Squeeze", this issue has been fixed in t1utils version 1.36-1+deb6u1.