CVE-2007-4033

Related Files

Mandriva Linux Security Advisory 2007.230

Posted Nov 26, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.

tags | advisory, overflow, arbitrary, local

systems | linux, mandriva

advisories | CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033

SHA-256 | 0f991775c30cb8dd149ffa43aa740074474f1908da8c8544dd63843d28effc58

Download | Favorite | View

Debian Linux Security Advisory 1390-1

Posted Oct 22, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1390-1 - Hamid Ebadi has discovered a buffer overflow the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash and application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2007-4033

SHA-256 | f1f99de36dc124eb99855035833c588793e50108a12c7b05c2d25a455a80184f

Download | Favorite | View

Gentoo Linux Security Advisory 200710-12

Posted Oct 13, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-12 - Hamid Ebadi discovered a boundary error in the intT1_EnvGetCompletePath() function which can lead to a buffer overflow when processing an overly long filename. Versions less than 5.0.2-r1 are affected.

tags | advisory, overflow

systems | linux, gentoo

advisories | CVE-2007-4033

SHA-256 | e7f7a33383c7b3527f72dadaa20fb8c470e4acd3dc5f32dea035612d56058036

Download | Favorite | View

Mandriva Linux Security Advisory 2007.189

Posted Sep 28, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow vulnerability was discovered in t1lib due to improper bounds checking. An attacker could send specially crafted input to an application linked against t1lib which could lead to a denial of service or the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2007-4033

SHA-256 | a8026709adc16ea23d550adf126409481245d3028976c88f515711b3d24aea52

Download | Favorite | View

Ubuntu Security Notice 515-1

Posted Sep 20, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 515-1 - It was discovered that t1lib does not properly perform bounds checking which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution

systems | linux, ubuntu

advisories | CVE-2007-4033

SHA-256 | d244d3b0f668fdadb3b381efe448f72d60df6e9b29980fd755279eea68404437

Download | Favorite | View