Multiple vulnerabilities have been discovered in T1Lib, the worst of which could lead to remote execution of arbitrary code.
|Package||media-libs/t1lib on all architectures|
|Affected versions||< 5.1.2-r1|
|Unaffected versions||>= 5.1.2-r1|
T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.
Multiple vulnerabilities have been discovered in T1Lib. Please review the CVE identifiers referenced below for details.
Remote attackers, by coercing users to process specially crafted AFM font or PDF file, could cause a Denial of Service condition or execute arbitrary code.
There is no known workaround at this time.
All T1Lib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/t1lib-5.1.2-r1"
January 23, 2017
January 23, 2017: 1