CVE-2015-3905

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
t1utils_projectt1utils
1.38
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
t1utils
sid
1.41-4
fixed
trixie
1.41-4
fixed
bookworm
1.41-4
fixed
bullseye
1.41-4
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
t1utils
vivid
not-affected
utopic
Fixed 1.37-2.1ubuntu0.1
released
trusty
Fixed 1.37-2ubuntu1.1
released
precise
Fixed 1.37-1ubuntu0.1
released
Common Weakness Enumeration
References
http://ubuntu.com/usn/usn-2627-1
http://www.openwall.com/lists/oss-security/2015/05/13/9
http://www.openwall.com/lists/oss-security/2015/05/22/10
http://www.securityfocus.com/bid/74674
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274
https://bugzilla.redhat.com/show_bug.cgi?id=1218365
https://github.com/kohler/t1utils/blob/master/NEWS
https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33
https://github.com/kohler/t1utils/issues/4
https://security.gentoo.org/glsa/201507-10
http://ubuntu.com/usn/usn-2627-1
http://www.openwall.com/lists/oss-security/2015/05/13/9
http://www.openwall.com/lists/oss-security/2015/05/22/10
http://www.securityfocus.com/bid/74674
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274
https://bugzilla.redhat.com/show_bug.cgi?id=1218365
https://github.com/kohler/t1utils/blob/master/NEWS
https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33
https://github.com/kohler/t1utils/issues/4
https://security.gentoo.org/glsa/201507-10