ID: CVE-2015-4588
Type: cve
Reporter: NVD
Modified: 2017-09-21T21:29:17
Description
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
{"result": {"openvas": [{"id": "OPENVAS:1361412562310869463", "type": "openvas", "title": "Fedora Update for libwmf FEDORA-2015-9674", "description": "Check the version of libwmf", "published": "2015-06-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869463", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "lastseen": "2017-07-25T10:53:38"}, {"id": "OPENVAS:1361412562310882299", "type": "openvas", "title": "CentOS Update for libwmf CESA-2015:1917 centos6 ", "description": "Check the version of libwmf", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882299", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-25T10:52:44"}, {"id": "OPENVAS:1361412562310122715", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1917", "description": "Oracle Linux Local Security Checks ELSA-2015-1917", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122715", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-24T12:53:12"}, {"id": "OPENVAS:1361412562310842276", "type": "openvas", "title": "Ubuntu Update for libwmf USN-2670-1", "description": "Check the version of libwmf", "published": "2015-07-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842276", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-12-04T11:24:02"}, {"id": "OPENVAS:703302", "type": "openvas", "title": "Debian Security 
Advisory DSA 3302-1 (libwmf - security update)", "description": "Insufficient input sanitising\nin libwmf, a library to process Windows metafile data, may result in denial of\nservice or the execution of arbitrary code if a malformed WMF file is opened.", "published": "2015-07-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703302", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-24T12:53:47"}, {"id": "OPENVAS:1361412562310869822", "type": "openvas", "title": "Fedora Update for libwmf FEDORA-2015-10601", "description": "Check the version of libwmf", "published": "2015-07-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869822", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-25T10:53:48"}, {"id": "OPENVAS:1361412562310703302", "type": "openvas", "title": "Debian Security Advisory DSA 3302-1 (libwmf - security update)", "description": "Insufficient input sanitising\nin libwmf, a library to process Windows metafile data, may result in denial of\nservice or the execution of arbitrary code if a malformed WMF file is opened.", "published": "2015-07-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703302", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2018-04-06T11:29:19"}, {"id": "OPENVAS:1361412562310871460", "type": "openvas", "title": "RedHat Update for libwmf RHSA-2015:1917-01", "description": "Check the version of libwmf", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871460", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-27T10:53:27"}, {"id": "OPENVAS:1361412562310121442", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201602-03", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201602-03", "published": "2016-03-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121442", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-12-08T11:51:38"}, {"id": "OPENVAS:1361412562310882298", "type": "openvas", "title": "CentOS Update for libwmf CESA-2015:1917 centos7 ", "description": "Check the version of libwmf", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882298", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-07-25T10:53:29"}], "nessus": [{"id": "FEDORA_2015-9674.NASL", "type": "nessus", "title": "Fedora 21 : libwmf-0.2.8.4-43.fc21 (2015-9674)", "description": "CVE-2015-0848 heap overflow when decoding BMP images CVE-2015-0848 heap overflow when decoding BMP images\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-06-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84377", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "lastseen": "2017-10-29T13:37:47"}, {"id": "DEBIAN_DLA-253.NASL", "type": "nessus", "title": "Debian DLA-253-1 : libwmf security update", "description": "The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files :\n\nCVE-2015-0848\n\nA heap overflow when decoding embedded BMP images that don't use 8 bits per pixel. CVE-2015-4588\n\nA missing check in the RLE decoding of embedded BMP images.\n\nWe recommend that you update your libwmf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-06-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84407", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "lastseen": "2017-10-29T13:35:16"}, {"id": "OPENSUSE-2015-444.NASL", "type": "nessus", "title": "openSUSE Security Update : libwmf (openSUSE-2015-444)", "description": "libwmf was updated to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. 
(boo#933109)", "published": "2015-06-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84385", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "lastseen": "2017-10-29T13:37:06"}, {"id": "OPENSUSE-2015-443.NASL", "type": "nessus", "title": "openSUSE Security Update : libwmf (openSUSE-2015-443)", "description": "libwmf was updated to fix three security issues and one non-security bug.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)\n\n - CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299)\n\nThe following non-security bug was fixed :\n\n - boo#892356: Make libwmf-tools not depend on libwmf-devel", "published": "2015-06-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84384", "cvelist": ["CVE-2015-4588", "CVE-2009-1364", "CVE-2015-0848"], "lastseen": "2017-10-29T13:34:13"}, {"id": "CENTOS_RHSA-2015-1917.NASL", "type": "nessus", "title": "CentOS 6 / 7 : libwmf (CESA-2015:1917)", "description": "Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the update, all applications using libwmf must be restarted for the update to take effect.", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86485", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:44:16"}, {"id": "UBUNTU_USN-2670-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : libwmf vulnerabilities (USN-2670-1)", "description": "Fernando Munoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-07-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84635", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:36:09"}, {"id": "REDHAT-RHSA-2015-1917.NASL", "type": "nessus", "title": "RHEL 6 / 7 : libwmf (RHSA-2015:1917)", "description": "Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the update, all applications using libwmf must be restarted for the update to take effect.", "published": "2015-10-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86488", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:33:01"}, {"id": "SUSE_SU-2015-1378-1.NASL", "type": "nessus", "title": "SUSE SLED11 Security Update : libwmf (SUSE-SU-2015:1378-1)", "description": "libwmf was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109).\n\n - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109).\n\n - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062).\n\n - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-08-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85399", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:37:39"}, {"id": "DEBIAN_DSA-3302.NASL", "type": "nessus", "title": "Debian DSA-3302-1 : libwmf - security update", "description": "Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.", "published": "2015-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84552", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:35:09"}, {"id": "OPENSUSE-2015-477.NASL", "type": "nessus", "title": "openSUSE Security Update : libwmf (openSUSE-2015-477)", "description": "libwmf was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-4588: Heap overflow (bnc#933109).\n\n - CVE-2015-4696: Use after free (bnc#936062).\n\n - CVE-2015-4695: Heap buffer over read (bnc#936058).\n\n - CVE-2015-0848: Heap overflow (bnc#933109).", "published": "2015-07-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84656", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-29T13:38:25"}], "debian": [{"id": "DLA-253", "type": "debian", "title": "libwmf -- LTS security update", "description": "The following vulnerabilities were discovered in the Windows 
Metafile conversion library when reading BMP images embedded into WMF files:\n\n * [CVE-2015-0848](<https://security-tracker.debian.org/tracker/CVE-2015-0848>)\n\nA heap overflow when decoding embedded BMP images that don't use 8 bits per pixel.\n\n * [CVE-2015-4588](<https://security-tracker.debian.org/tracker/CVE-2015-4588>)\n\nA missing check in the RLE decoding of embedded BMP images.\n\nWe recommend that you update your libwmf packages.", "published": "2015-06-26T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-253", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "lastseen": "2016-09-02T12:57:02"}, {"id": "DSA-3302", "type": "debian", "title": "libwmf -- security update", "description": "Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 0.2.8.4-10.3+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in version 0.2.8.4-10.3+deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your libwmf packages.", "published": "2015-07-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3302", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2016-09-02T18:29:13"}], "ubuntu": [{"id": "USN-2670-1", "type": "ubuntu", "title": "libwmf vulnerabilities", "description": "Fernando Mu\u00f1oz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. 
If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.", "published": "2015-07-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2670-1/", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2018-03-29T18:21:00"}], "gentoo": [{"id": "GLSA-201602-03", "type": "gentoo", "title": "libwmf: Multiple vulnerabilities", "description": "### Background\n\nlibwmf is a library for converting WMF files.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause Denial of Service. \n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nAll libwmf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libwmf-0.2.8.4-r6\"", "published": "2016-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201602-03", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2016-09-06T19:46:18"}], "centos": [{"id": "CESA-2015:1917", "type": "centos", "title": "libwmf security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1917\n\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. 
By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021434.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021435.html\n\n**Affected packages:**\nlibwmf\nlibwmf-devel\nlibwmf-lite\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1917.html", "published": "2015-10-20T17:05:25", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-October/021434.html", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2017-10-03T18:26:03"}], "redhat": [{"id": "RHSA-2015:1917", "type": "redhat", "title": "(RHSA-2015:1917) Important: libwmf security update", "description": "libwmf is a library for reading and converting Windows Metafile Format\n(WMF) 
vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n", "published": "2015-10-20T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1917", "cvelist": ["CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"], "lastseen": "2018-04-15T14:25:44"}], "oraclelinux": [{"id": "ELSA-2015-1917", "type": "oraclelinux", "title": "libwmf security update", "description": "[0.2.8.4-25]\n- Resolves: rhbz#1227428 - CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696\n[0.2.8.4-24]\n- Resolves: rhbz#1227429 CVE-2015-0848 libwmf: heap overflow when decoding BMP images", "published": "2015-10-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1917.html", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2016-09-04T11:16:26"}], "amazon": [{"id": "ALAS-2015-604", "type": "amazon", "title": "Important: libwmf", "description": "**Issue Overview:**\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. ([CVE-2015-0848 __](<https://access.redhat.com/security/cve/CVE-2015-0848>), [CVE-2015-4588 __](<https://access.redhat.com/security/cve/CVE-2015-4588>))\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. 
([CVE-2015-4696 __](<https://access.redhat.com/security/cve/CVE-2015-4696>))\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. ([CVE-2015-4695 __](<https://access.redhat.com/security/cve/CVE-2015-4695>))\n\nThe gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. ([CVE-2007-2756 __](<https://access.redhat.com/security/cve/CVE-2007-2756>))\n\nBuffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. ([CVE-2007-0455 __](<https://access.redhat.com/security/cve/CVE-2007-0455>))\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than [CVE-2009-3293 __](<https://access.redhat.com/security/cve/CVE-2009-3293>). NOTE: some of these details are obtained from third party information. ([CVE-2009-3546 __](<https://access.redhat.com/security/cve/CVE-2009-3546>))\n\nInteger overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. 
([CVE-2007-3472 __](<https://access.redhat.com/security/cve/CVE-2007-3472>))\n\nThe gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. ([CVE-2007-3473 __](<https://access.redhat.com/security/cve/CVE-2007-3473>))\n\n \n**Affected Packages:** \n\n\nlibwmf\n\n \n**Issue Correction:** \nRun _yum update libwmf_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n libwmf-debuginfo-0.2.8.4-41.11.amzn1.i686 \n libwmf-devel-0.2.8.4-41.11.amzn1.i686 \n libwmf-0.2.8.4-41.11.amzn1.i686 \n libwmf-lite-0.2.8.4-41.11.amzn1.i686 \n \n src: \n libwmf-0.2.8.4-41.11.amzn1.src \n \n x86_64: \n libwmf-lite-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-devel-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-debuginfo-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-0.2.8.4-41.11.amzn1.x86_64 \n \n \n", "published": "2015-10-27T13:51:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-604.html", "cvelist": ["CVE-2009-3546", "CVE-2007-2756", "CVE-2015-4695", "CVE-2007-3472", "CVE-2007-0455", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-4696", "CVE-2009-3293", "CVE-2015-0848"], "lastseen": "2016-09-28T21:04:02"}], "freebsd": [{"id": "CA139C7F-2A8C-11E5-A4A5-002590263BF5", "type": "freebsd", "title": "libwmf -- multiple vulnerabilities", "description": "\nMitre reports:\n\nMultiple buffer overflows in the gd graphics library (libgd) 2.0.21\n\t and earlier may allow remote attackers to execute arbitrary code via\n\t malformed image files that trigger the overflows due to improper\n\t calls to the gdMalloc function, a different set of vulnerabilities\n\t than CVE-2004-0990.\n\n\nBuffer overflow in the gdImageStringFTEx function in gdft.c in GD\n\t Graphics Library 2.0.33 and earlier allows remote attackers to cause\n\t a denial of service (application crash) and 
possibly execute\n\t arbitrary code via a crafted string with a JIS encoded font.\n\n\nThe gdPngReadData function in libgd 2.0.34 allows user-assisted\n\t attackers to cause a denial of service (CPU consumption) via a\n\t crafted PNG image with truncated data, which causes an infinite loop\n\t in the png_read_info function in libpng.\n\n\nInteger overflow in gdImageCreateTrueColor function in the GD\n\t Graphics Library (libgd) before 2.0.35 allows user-assisted remote\n\t attackers to have unspecified attack vectors and impact.\n\n\nThe gdImageCreateXbm function in the GD Graphics Library (libgd)\n\t before 2.0.35 allows user-assisted remote attackers to cause a\n\t denial of service (crash) via unspecified vectors involving a\n\t gdImageCreate failure.\n\n\nThe (a) imagearc and (b) imagefilledarc functions in GD Graphics\n\t Library (libgd) before 2.0.35 allow attackers to cause a denial of\n\t service (CPU consumption) via a large (1) start or (2) end angle\n\t degree value.\n\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before\n\t 5.3.1, and the GD Graphics Library 2.x, does not properly verify a\n\t certain colorsTotal structure member, which might allow remote\n\t attackers to conduct buffer overflow or buffer over-read attacks via\n\t a crafted GD file, a different vulnerability than CVE-2009-3293.\n\t NOTE: some of these details are obtained from third party\n\t information.\n\n\nHeap-based buffer overflow in libwmf 0.2.8.4 allows remote\n\t attackers to cause a denial of service (crash) or possibly execute\n\t arbitrary code via a crafted BMP image.\n\n\nmeta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial\n\t of service (out-of-bounds read) via a crafted WMF file.\n\n\nUse-after-free vulnerability in libwmf 0.2.8.4 allows remote\n\t attackers to cause a denial of service (crash) via a crafted WMF\n\t file to the (1) wmf2gd or (2) wmf2eps command.\n\n\nHeap-based buffer overflow in the DecodeImage function in libwmf\n\t 
0.2.8.4 allows remote attackers to cause a denial of service (crash)\n\t or possibly execute arbitrary code via a crafted \"run-length count\"\n\t in an image in a WMF file.\n\n", "published": "2004-10-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/ca139c7f-2a8c-11e5-a4a5-002590263bf5.html", "cvelist": ["CVE-2009-3546", "CVE-2004-0941", "CVE-2007-2756", "CVE-2015-4695", "CVE-2007-3477", "CVE-2007-3472", "CVE-2007-0455", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "lastseen": "2016-09-26T17:24:17"}]}}