Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:

- CVE-2015-3905

  Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
  before 1.39 allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via a crafted font file.

For Debian 6 Squeeze, this issue has been fixed in t1utils version
1.36-1+deb6u1.