CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.2%
Package : t1utils
Version : 1.36-1+deb6u1
CVE ID : CVE-2015-3905
Debian Bug : 779274
Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:
CVE-2015-3905
Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
before 1.39 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted font file.
For Debian 6 "Squeeze", this issue has been fixed in t1utils version
1.36-1+deb6u1.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | i386 | t1utils | < 1.36-1+deb6u1 | t1utils_1.36-1+deb6u1_i386.deb |
Debian | 6 | amd64 | t1utils | < 1.36-1+deb6u1 | t1utils_1.36-1+deb6u1_amd64.deb |
Debian | 6 | all | t1utils | < 1.36-1+deb6u1 | t1utils_1.36-1+deb6u1_all.deb |