[ GLSA 201507-10 ] t1utils

[GLSA]

Gentoo Linux Security Advisory

Title: t1utils: Arbitrary code execution (GLSA 201507-10)
Severity: normal
Exploitable: remote
Date: July 10, 2015
Bug(s): #548638
ID: 201507-10

Synopsis

A buffer overflow in t1utils could result in execution of arbitrary
code or Denial of Service.


Background

t1utils is a collection of simple Type 1 font manipulation programs.

Affected Packages

Package: app-text/t1utils
Vulnerable: < 1.39
Unaffected: >= 1.39
Architectures: All supported architectures


Description

t1utils has a buffer overflow in the set_cs_start function in
t1disasm.c.


Impact

A remote attacker could cause a denial of service and possibly execute
arbitrary code via a crafted font file.


Workaround

There is no known workaround at this time.

Resolution

All t1utils users should upgrade to the latest version: