CVE - CVE-2007-4033

CVE-ID
CVE-2007-4033	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070921 Re: [Full-disclosure] [USN-515-1] t1lib vulnerability URL:http://www.securityfocus.com/archive/1/480239/100/100/threaded BUGTRAQ:20070921 Re: [USN-515-1] t1lib vulnerability URL:http://www.securityfocus.com/archive/1/480244/100/100/threaded BUGTRAQ:20080105 rPSA-2008-0007-1 tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi URL:http://www.securityfocus.com/archive/1/485823/100/0/threaded BUGTRAQ:20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts URL:http://www.securityfocus.com/archive/1/487984/100/0/threaded MISC:http://www.bugtraq.ir/adv/t1lib.txt EXPLOIT-DB:4227 URL:https://www.exploit-db.com/exploits/4227 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=303021 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=193437 CONFIRM:https://issues.rpath.com/browse/RPL-1972 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0007 DEBIAN:DSA-1390 URL:http://www.debian.org/security/2007/dsa-1390 FEDORA:FEDORA-2007-2343 URL:http://fedoranews.org/updates/FEDORA-2007-234.shtml FEDORA:FEDORA-2007-3390 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html FEDORA:FEDORA-2007-750 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html GENTOO:GLSA-200710-12 URL:http://security.gentoo.org/glsa/glsa-200710-12.xml GENTOO:GLSA-200711-34 URL:http://security.gentoo.org/glsa/glsa-200711-34.xml GENTOO:GLSA-200805-13 URL:http://security.gentoo.org/glsa/glsa-200805-13.xml MANDRIVA:MDKSA-2007:189 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:189 MANDRIVA:MDKSA-2007:230 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 REDHAT:RHSA-2007:1027 URL:http://www.redhat.com/support/errata/RHSA-2007-1027.html REDHAT:RHSA-2007:1030 URL:http://www.redhat.com/support/errata/RHSA-2007-1030.html REDHAT:RHSA-2007:1031 URL:http://www.redhat.com/support/errata/RHSA-2007-1031.html SUSE:SUSE-SR:2007:023 URL:http://www.novell.com/linux/security/advisories/2007_23_sr.html UBUNTU:USN-515-1 URL:http://www.ubuntu.com/usn/usn-515-1 BID:25079 URL:http://www.securityfocus.com/bid/25079 OVAL:oval:org.mitre.oval:def:10557 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 SECTRACK:1018905 URL:http://www.securitytracker.com/id?1018905 SECUNIA:26241 URL:http://secunia.com/advisories/26241 SECUNIA:26992 URL:http://secunia.com/advisories/26992 SECUNIA:26981 URL:http://secunia.com/advisories/26981 SECUNIA:26901 URL:http://secunia.com/advisories/26901 SECUNIA:27239 URL:http://secunia.com/advisories/27239 SECUNIA:27599 URL:http://secunia.com/advisories/27599 SECUNIA:27297 URL:http://secunia.com/advisories/27297 SECUNIA:27743 URL:http://secunia.com/advisories/27743 SECUNIA:27439 URL:http://secunia.com/advisories/27439 SECUNIA:28345 URL:http://secunia.com/advisories/28345 SECUNIA:27718 URL:http://secunia.com/advisories/27718 SECUNIA:30168 URL:http://secunia.com/advisories/30168 XF:php-imagepsloadfont-bo(35620) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
Assigning CNA
N/A
Date Entry Created
20070727	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.