A buffer overflow in t1utils could result in execution of arbitrary code or Denial of Service.
|Package||app-text/t1utils on all architectures|
|Affected versions||< 1.39|
|Unaffected versions||>= 1.39|
t1utils is a collection of simple Type 1 font manipulation programs.
t1utils has a buffer overflow in the set_cs_start function in t1disasm.c.
A remote attacker could cause a denial of service and possibly execute arbitrary code via a crafted font file.
There is no known workaround at this time.
All t1utils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/t1utils-1.39"
July 10, 2015
July 10, 2015: 1