Lucene search

[email protected]CVE-2007-4033

HistoryJul 27, 2007 - 10:30 p.m.

CVE-2007-4033

2007-07-2722:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-4033

buffer overflow

t1lib

arbitrary code execution

security vulnerability

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

CPENameOperatorVersion
php:phpphpeq5.2.3
t1lib:t1libt1libeq5.1.1

CPE	Name	Operator	Version
php:php	php	eq	5.2.3
t1lib:t1lib	t1lib	eq	5.1.1

References

bugs.gentoo.org/show_bug.cgi?id=193437

fedoranews.org/updates/FEDORA-2007-234.shtml

secunia.com/advisories/26241

secunia.com/advisories/26901

secunia.com/advisories/26981

secunia.com/advisories/26992

secunia.com/advisories/27239

secunia.com/advisories/27297

secunia.com/advisories/27439

secunia.com/advisories/27599

secunia.com/advisories/27718

secunia.com/advisories/27743

secunia.com/advisories/28345

secunia.com/advisories/30168

security.gentoo.org/glsa/glsa-200710-12.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

wiki.rpath.com/wiki/Advisories:rPSA-2008-0007

www.bugtraq.ir/adv/t1lib.txt

www.debian.org/security/2007/dsa-1390

www.mandriva.com/security/advisories?name=MDKSA-2007:189

www.mandriva.com/security/advisories?name=MDKSA-2007:230

www.novell.com/linux/security/advisories/2007_23_sr.html

www.redhat.com/support/errata/RHSA-2007-1027.html

www.redhat.com/support/errata/RHSA-2007-1030.html

www.redhat.com/support/errata/RHSA-2007-1031.html

www.securityfocus.com/archive/1/480239/100/100/threaded

www.securityfocus.com/archive/1/480244/100/100/threaded

www.securityfocus.com/archive/1/485823/100/0/threaded

www.securityfocus.com/archive/1/487984/100/0/threaded

www.securityfocus.com/bid/25079

www.securitytracker.com/id?1018905

www.ubuntu.com/usn/usn-515-1

bugzilla.redhat.com/show_bug.cgi?id=303021

exchange.xforce.ibmcloud.com/vulnerabilities/35620

issues.rpath.com/browse/RPL-1972

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557

www.exploit-db.com/exploits/4227

www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2007-4033

nessus21 openvas26 osv1 debian2 ubuntu1 veracode1 prion1 fedora4 ubuntucve1 securityvulns1 gentoo1 redhat3 centos3 oraclelinux2