Red Hat Bugzilla – Bug 303021
CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Last modified: 2007-11-30 17:12:16 EST
Description of problem:
Please see  and  for more information,  contains the patch.
This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection,
as the overflow is strcat() call which is protected.
According to the Gentoo bug, the CVE identifier for this was requested.
CVE name is CVE-2007-4033, which was originally described as php_gd2
vulnerability. Description on CVE site is already updated.
I read it here as well
I am applying the fix and rebuilding for FC-6, F-7 and F-8.
Build finished for F-7 and F-8. I will issue the build for FC-6 later (due to
problems with plague and the local firewall).
t1lib-5.1.1-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.