CVE-2007-4033

Name of the Vulnerable Software and Affected Versions t1lib versions prior to 5.0.2-r1 t1lib-bin (affected versions not specified) libt1-dev (affected versions not specified) libt1-doc (affected versions not specified) libt1-5 (affected versions not specified) tetex-latex-3.0 (affected versions not specified) tetex-xdvi-3.0 (affected versions not specified) tetex-dvips-3.0 (affected versions not specified) tetex-doc-3.0 (affected versions not specified) tetex-3.0 (affected versions not specified) tetex-fonts-3.0 (affected versions not specified) tetex-afm-3.0 (affected versions not specified)

Description The issue involves multiple vulnerabilities in various packages, including t1lib and tetex, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in the intT1 EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter.

Recommendations For t1lib versions prior to 5.0.2-r1, update to version 5.0.2-r1 or later. For t1lib-bin, libt1-dev, libt1-doc, libt1-5, tetex-latex-3.0, tetex-xdvi-3.0, tetex-dvips-3.0, tetex-doc-3.0, tetex-3.0, tetex-fonts-3.0, and tetex-afm-3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.