CVE - CVE-2007-4033

CVE-ID
CVE-2007-4033	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:25079 URL:http://www.securityfocus.com/bid/25079 BUGTRAQ:20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability URL:http://www.securityfocus.com/archive/1/480239/100/100/threaded BUGTRAQ:20070921 Re: [USN-515-1] t1lib vulnerability URL:http://www.securityfocus.com/archive/1/480244/100/100/threaded BUGTRAQ:20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi URL:http://www.securityfocus.com/archive/1/485823/100/0/threaded BUGTRAQ:20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts URL:http://www.securityfocus.com/archive/1/487984/100/0/threaded CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=193437 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0007 CONFIRM:https://issues.rpath.com/browse/RPL-1972 DEBIAN:DSA-1390 URL:http://www.debian.org/security/2007/dsa-1390 EXPLOIT-DB:4227 URL:https://www.exploit-db.com/exploits/4227 FEDORA:FEDORA-2007-2343 URL:http://fedoranews.org/updates/FEDORA-2007-234.shtml FEDORA:FEDORA-2007-3390 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html FEDORA:FEDORA-2007-750 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html GENTOO:GLSA-200710-12 URL:http://security.gentoo.org/glsa/glsa-200710-12.xml GENTOO:GLSA-200711-34 URL:http://security.gentoo.org/glsa/glsa-200711-34.xml GENTOO:GLSA-200805-13 URL:http://security.gentoo.org/glsa/glsa-200805-13.xml MANDRIVA:MDKSA-2007:189 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:189~~ (Obsolete source) MANDRIVA:MDKSA-2007:230 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:230~~ (Obsolete source) MISC:http://www.bugtraq.ir/adv/t1lib.txt MISC:https://bugzilla.redhat.com/show_bug.cgi?id=303021 OVAL:oval:org.mitre.oval:def:10557 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 REDHAT:RHSA-2007:1027 URL:http://www.redhat.com/support/errata/RHSA-2007-1027.html REDHAT:RHSA-2007:1030 URL:http://www.redhat.com/support/errata/RHSA-2007-1030.html REDHAT:RHSA-2007:1031 URL:http://www.redhat.com/support/errata/RHSA-2007-1031.html SECTRACK:1018905 URL:http://www.securitytracker.com/id?1018905 SECUNIA:26241 URL:http://secunia.com/advisories/26241 SECUNIA:26901 URL:http://secunia.com/advisories/26901 SECUNIA:26981 URL:http://secunia.com/advisories/26981 SECUNIA:26992 URL:http://secunia.com/advisories/26992 SECUNIA:27239 URL:http://secunia.com/advisories/27239 SECUNIA:27297 URL:http://secunia.com/advisories/27297 SECUNIA:27439 URL:http://secunia.com/advisories/27439 SECUNIA:27599 URL:http://secunia.com/advisories/27599 SECUNIA:27718 URL:http://secunia.com/advisories/27718 SECUNIA:27743 URL:http://secunia.com/advisories/27743 SECUNIA:28345 URL:http://secunia.com/advisories/28345 SECUNIA:30168 URL:http://secunia.com/advisories/30168 SUSE:SUSE-SR:2007:023 URL:http://www.novell.com/linux/security/advisories/2007_23_sr.html UBUNTU:USN-515-1 URL:http://www.ubuntu.com/usn/usn-515-1 XF:php-imagepsloadfont-bo(35620) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
Assigning CNA
MITRE Corporation
Date Record Created
20070727	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)