Bug 303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Summary: CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: t1lib
Version: 7
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: José Matos
QA Contact: Fedora Extras Quality Assurance
URL: http://www.bugtraq.ir/adv/t1lib.txt
Whiteboard: impact=none?
Depends On:
Blocks: CVE-2007-4033
 
Reported: 2007-09-24 13:47 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:12 UTC

Fixed In Version: t1lib-5.1.1-3.fc8
Clone Of:
Environment:
Last Closed: 2007-09-27 16:18:33 UTC
Type: ---
Embargoed:



Description Lubomir Kundrak 2007-09-24 13:47:37 UTC
Description of problem:

Please see [1] and [2] for more information; [3] contains the patch.
[1] http://www.bugtraq.ir/adv/t1lib.txt
[2] http://secunia.com/advisories/26241/
[3] http://bugs.gentoo.org/show_bug.cgi?id=193437

Additional info:

This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection,
as the overflow is in a strcat() call, which is protected.

According to the Gentoo bug, the CVE identifier for this was requested.
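
A constructed illustration of the pattern this report describes, added here as an example; it is not t1lib's code, and the buffer size FONT_PATH_MAX, the function names and the sample paths are assumptions. It shows an unchecked strcat() build of a font path next to a bounded replacement, and notes the condition under which FORTIFY_SOURCE actually converts the overflow into an abort:

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not t1lib's code.  FONT_PATH_MAX and the function
 * names are assumptions for illustration. */
#define FONT_PATH_MAX 64

/* Vulnerable form: concatenates dir + "/" + name into a fixed-size buffer
 * with strcat() and never checks that the result fits, so a long `name`
 * writes past the end of `path`.  FORTIFY_SOURCE caveat: with -O2
 * -D_FORTIFY_SOURCE=2 glibc routes strcat() through __strcat_chk(), which
 * aborts on overflow, but only when the compiler can see the destination's
 * size (a local or global array at the call site, or this function inlined
 * into such a caller).  Through a plain pointer like `path` the checked
 * variant has no size to compare against and the overflow proceeds. */
void build_font_path_unsafe(char *path, const char *dir, const char *name)
{
    path[0] = '\0';
    strcat(path, dir);
    strcat(path, "/");
    strcat(path, name);   /* unchecked copy of attacker-controlled length */
}

/* Hardened form: measure first, refuse input that does not fit, and never
 * leave a partially built path behind.  Returns 0 on success, -1 if the
 * result would need more than `pathsz` bytes. */
int build_font_path_safe(char *path, size_t pathsz,
                         const char *dir, const char *name)
{
    size_t need = strlen(dir) + 1 + strlen(name) + 1;   /* '/' and NUL */

    if (pathsz == 0)
        return -1;
    if (need > pathsz) {
        path[0] = '\0';
        return -1;
    }
    snprintf(path, pathsz, "%s/%s", dir, name);
    return 0;
}

/* Exercises both forms on constructed input; returns 1 if every result is
 * as expected, 0 otherwise. */
int self_check(void)
{
    static char path[FONT_PATH_MAX];
    char long_name[FONT_PATH_MAX + 16];          /* 79 'A's plus NUL */

    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    /* A short name fits, so either form produces the same path. */
    build_font_path_unsafe(path, "/usr/share/fonts", "a.pfb");
    if (strcmp(path, "/usr/share/fonts/a.pfb") != 0)
        return 0;
    if (build_font_path_safe(path, sizeof path, "/usr/share/fonts", "a.pfb") != 0
        || strcmp(path, "/usr/share/fonts/a.pfb") != 0)
        return 0;

    /* The 79-byte name cannot fit in 64 bytes: the safe form rejects it and
     * clears the buffer.  The unsafe form is deliberately not called with it,
     * since that call would overrun `path`. */
    if (build_font_path_safe(path, sizeof path, "/usr/share/fonts", long_name) != -1
        || path[0] != '\0')
        return 0;
    return 1;
}

int main(void)
{
    int ok = self_check();
    printf("self_check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The practical consequence for the "not exploitable because of FORTIFY_SOURCE" argument is that it holds only for call sites where the destination's size is visible to the compiler; a strcat() into a buffer reached through a pointer is compiled to an unchecked call even with the flag set, so the length check in build_font_path_safe() is the fix that does not depend on build flags.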

Comment 1 Tomas Hoger 2007-09-27 12:15:15 UTC
CVE name is CVE-2007-4033, which was originally described as php_gd2
vulnerability.  Description on CVE site is already updated.

Comment 2 José Matos 2007-09-27 15:01:49 UTC
I read it here as well
http://lwn.net/Articles/250737/

I am applying the fix and rebuilding for FC-6, F-7 and F-8.

Comment 3 José Matos 2007-09-27 16:18:33 UTC
Build finished for F-7 and F-8. I will issue the build for FC-6 later (due to 
problems with plague and the local firewall).


Comment 4 Fedora Update System 2007-09-28 21:21:44 UTC
t1lib-5.1.1-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

