CVE-2007-4033

Published: 27/07/2007 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent malicious users to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Vulnerable Product

t1lib t1lib 5.1.1

php php 5.2.3

Vendor Advisories

It was discovered that t1lib does not properly perform bounds checking, which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib, which could result in a DoS or arbitrary code execution ...

Exploits

<?php /* PHP imagepsloadfont Buffer Overflow Vulnerability Discovered & Coded by: r0ut3r (writ3r [at] gmail.com) Vulnerable dll: php_gd2.dll - Tested on WinXP SP0, PHP/5.2.3, Apache 2.2.4 The argument given was A * 9999 Access violation when reading [41414151] ---------------------------------------- Registers: ---------- EAX 77F76238 n ...

source: www.securityfocus.com/bid/25079/info T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. An attacker can exploit this issue to execute arbitrary machine code in the context of applications that use the affect ...

References

CWE-119
http://www.securityfocus.com/bid/25079
http://www.bugtraq.ir/adv/t1lib.txt
https://bugzilla.redhat.com/show_bug.cgi?id=303021
http://bugs.gentoo.org/show_bug.cgi?id=193437
http://www.debian.org/security/2007/dsa-1390
http://fedoranews.org/updates/FEDORA-2007-234.shtml
http://security.gentoo.org/glsa/glsa-200710-12.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:189
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.redhat.com/support/errata/RHSA-2007-1031.html
http://www.novell.com/linux/security/advisories/2007_23_sr.html
http://www.ubuntu.com/usn/usn-515-1
http://www.securitytracker.com/id?1018905
http://secunia.com/advisories/26241
http://secunia.com/advisories/26992
http://secunia.com/advisories/26981
http://secunia.com/advisories/26901
http://secunia.com/advisories/27239
http://secunia.com/advisories/27599
http://secunia.com/advisories/27297
http://secunia.com/advisories/27743
http://secunia.com/advisories/27439
https://issues.rpath.com/browse/RPL-1972
http://secunia.com/advisories/28345
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://secunia.com/advisories/27718
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0007
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://secunia.com/advisories/30168
https://exchange.xforce.ibmcloud.com/vulnerabilities/35620
https://www.exploit-db.com/exploits/4227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557
http://www.securityfocus.com/archive/1/487984/100/0/threaded
http://www.securityfocus.com/archive/1/485823/100/0/threaded
http://www.securityfocus.com/archive/1/480244/100/100/threaded
http://www.securityfocus.com/archive/1/480239/100/100/threaded
https://usn.ubuntu.com/515-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/4227/