Description

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Remediation

References

CVE-2007-4033

Related Vulnerabilities

WordPress Plugin Brizy-Page Builder Unspecified Vulnerability (2.4.45)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099)

PHP Other Vulnerability (CVE-2007-1379)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)

WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)

Severity

High

Classification

CVE-2007-4033 CWE-119

Tags

Missing Update Known Vulnerabilities