[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 256-1] t1utils security update

Package        : t1utils
Version        : 1.36-1+deb6u1
CVE ID         : CVE-2015-3905
Debian Bug     : 779274

Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:


    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
    before 1.39 allows remote attackers to cause a denial of service (crash)
    and possibly execute arbitrary code via a crafted font file.

For Debian 6 "Squeeze", this issue has been fixed in t1utils version

Attachment: signature.asc
Description: Digital signature

Reply to: