CVE-2015-3905

Name of the Vulnerable Software and Affected Versions t1utils versions prior to 1.39

Description The issue is caused by a buffer overflow in the set cs start function in t1disasm.c, which can be triggered by a crafted font file. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

Recommendations For versions prior to 1.39, update to version 1.39 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted font files to minimize the risk of exploitation.