// For flags

CVE-2007-4033

T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Un desbordamiento de búfer en la función intTT1_EnvGetCompletePath en el archivo lib/t1lib/t1env.c en t1lib versión 5.1.1, permite a atacantes dependiendo del contexto ejecutar código arbitrario por medio de un parámetro FileName largo. NOTA: este problema se reportó originalmente de estar en la función imagepsloadfont en la biblioteca php_gd2.dll en la extensión gd (PHP_GD2) en PHP versión 5.2.3.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-07-26 First Exploit
  • 2007-07-27 CVE Reserved
  • 2007-07-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (43)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=193437 X_refsource_confirm
http://secunia.com/advisories/27297 Third Party Advisory
http://secunia.com/advisories/27718 Third Party Advisory
http://secunia.com/advisories/28345 Third Party Advisory
http://secunia.com/advisories/30168 Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0007 X_refsource_confirm
http://www.bugtraq.ir/adv/t1lib.txt X_refsource_misc
http://www.securityfocus.com/archive/1/480239/100/100/threaded Mailing List
http://www.securityfocus.com/archive/1/480244/100/100/threaded Mailing List
http://www.securityfocus.com/archive/1/485823/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/487984/100/0/threaded Mailing List
http://www.securitytracker.com/id?1018905 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=303021 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/35620 Vdb Entry
https://issues.rpath.com/browse/RPL-1972 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10557 Signature
URL Date SRC
https://www.exploit-db.com/exploits/30401 2007-07-26
https://www.exploit-db.com/exploits/4227 2024-08-07
http://www.securityfocus.com/bid/25079 2024-08-07
URL Date SRC
URL Date SRC
http://fedoranews.org/updates/FEDORA-2007-234.shtml 2018-10-15
http://secunia.com/advisories/26241 2018-10-15
http://secunia.com/advisories/26901 2018-10-15
http://secunia.com/advisories/26981 2018-10-15
http://secunia.com/advisories/26992 2018-10-15
http://secunia.com/advisories/27239 2018-10-15
http://secunia.com/advisories/27439 2018-10-15
http://secunia.com/advisories/27599 2018-10-15
http://secunia.com/advisories/27743 2018-10-15
http://security.gentoo.org/glsa/glsa-200710-12.xml 2018-10-15
http://security.gentoo.org/glsa/glsa-200711-34.xml 2018-10-15
http://security.gentoo.org/glsa/glsa-200805-13.xml 2018-10-15
http://www.debian.org/security/2007/dsa-1390 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:189 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 2018-10-15
http://www.novell.com/linux/security/advisories/2007_23_sr.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1027.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1030.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1031.html 2018-10-15
http://www.ubuntu.com/usn/usn-515-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-4033 2007-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=352271 2007-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.3
Search vendor "Php" for product "Php" and version "5.2.3"
-
Affected
T1lib
Search vendor "T1lib"
 T1lib
Search vendor "T1lib" for product "T1lib"
 5.1.1
Search vendor "T1lib" for product "T1lib" and version "5.1.1"
-
Affected