t1utils: Arbitrary code execution — GLSA 201507-10

A buffer overflow in t1utils could result in execution of arbitrary code or Denial of Service.

Affected Packages

app-text/t1utils on all architectures
Affected versions < 1.39
Unaffected versions >= 1.39

Background

t1utils is a collection of simple Type 1 font manipulation programs.

Description

t1utils has a buffer overflow in the set_cs_start function in t1disasm.c.

Impact

A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file.

Workaround

There is no known workaround at this time.

Resolution

All t1utils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/t1utils-1.39"
 

References

Release Date
July 10, 2015

Latest Revision
July 10, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries