ID CVE-2015-4588 Type cve Reporter NVD Modified 2017-09-21T21:29:17
Description
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
{"openvas": [{"lastseen": "2018-09-01T23:50:24", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html", "2015-9674"], "pluginID": "1361412562310869463", "description": "Check the version of libwmf", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-25T00:00:00", "title": "Fedora Update for libwmf FEDORA-2015-9674", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869463", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libwmf FEDORA-2015-9674\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869463\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-25 06:31:38 +0200 (Thu, 25 Jun 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libwmf FEDORA-2015-9674\");\n script_tag(name: \"summary\", value: \"Check the version of libwmf\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"A library for reading and converting\nWindows MetaFile vector graphics (WMF).\n\");\n script_tag(name: \"affected\", value: \"libwmf on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-9674\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~43.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:58", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-October/021434.html", "2015:1917"], "pluginID": "1361412562310882299", "description": "Check the version of libwmf", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-21T00:00:00", "title": "CentOS Update for libwmf CESA-2015:1917 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libwmf CESA-2015:1917 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882299\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-21 07:11:37 +0200 (Wed, 21 Oct 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libwmf CESA-2015:1917 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libwmf\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"libwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libwmf on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1917\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-October/021434.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~25.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~25.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~25.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:29", "references": ["http://www.ubuntu.com/usn/usn-2670-1/", "2670-1"], "pluginID": "1361412562310842276", "description": "Check the version of libwmf", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-09T00:00:00", "title": "Ubuntu Update for libwmf USN-2670-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842276", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libwmf USN-2670-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842276\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-09 06:37:46 +0200 (Thu, 09 Jul 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libwmf USN-2670-1\");\n script_tag(name:\"summary\", value:\"Check the version of libwmf\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Fernando Muñ oz and Stefan Cornelius\ndiscovered that libwmf incorrectly handled certain malformed images. If a user\nor automated system were tricked into opening a crafted image file, an attacker\ncould cause a denial of service or execute arbitrary code with privileges of the\nuser invoking the program.\");\n script_tag(name:\"affected\", value:\"libwmf on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2670-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2670-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwmf0.2-7:amd64\", ver:\"0.2.8.4-10.3ubuntu1.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwmf0.2-7:i386\", ver:\"0.2.8.4-10.3ubuntu1.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwmf0.2-7:amd64\", ver:\"0.2.8.4-10.3ubuntu1.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwmf0.2-7:i386\", ver:\"0.2.8.4-10.3ubuntu1.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwmf0.2-7\", ver:\"0.2.8.4-10ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:39", "references": ["http://linux.oracle.com/errata/ELSA-2015-1917.html"], "pluginID": "1361412562310122715", "description": "Oracle Linux Local Security Checks ELSA-2015-1917", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-21T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1917", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122715", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-1917.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122715\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-21 13:05:26 +0300 (Wed, 21 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-1917\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-1917 - libwmf security update - [0.2.8.4-25]- Resolves: rhbz#1227428 - CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696[0.2.8.4-24]- Resolves: rhbz#1227429 CVE-2015-0848 libwmf: heap overflow when decoding BMP images\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-1917\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-1917.html\");\nscript_cve_id(\"CVE-2015-0848\",\"CVE-2015-4588\",\"CVE-2015-4695\",\"CVE-2015-4696\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~41.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~41.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~41.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~25.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~25.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~25.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:22", "references": ["https://advisories.mageia.org/MGASA-2015-0261.html"], "pluginID": "1361412562310130116", "description": "Mageia Linux Local Security Checks mgasa-2015-0261", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-15T00:00:00", "title": "Mageia Linux Local Check: mgasa-2015-0261", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310130116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130116", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0261.nasl 6563 2017-07-06 12:23:47Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130116\");\nscript_version(\"$Revision: 6563 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:42:54 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:23:47 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0261\");\nscript_tag(name: \"insight\", value: \"It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0848, CVE-2015-4588). Two out of bounds reads in libwmf were also discovered, one in the meta_pen_create() function in player/meta.h (CVE-2015-4695) and one in wmf2gd.c and wmf2eps.c (CVE-2015-4696)\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0261.html\");\nscript_cve_id(\"CVE-2015-0848\",\"CVE-2015-4588\",\"CVE-2015-4695\",\"CVE-2015-4696\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0261\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~32.2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:56", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161636.html", "2015-10627"], "pluginID": "1361412562310869739", "description": "Check the version of libwmf", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-11T00:00:00", "title": "Fedora Update for libwmf FEDORA-2015-10627", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869739", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libwmf FEDORA-2015-10627\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869739\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-11 06:04:29 +0200 (Sat, 11 Jul 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libwmf FEDORA-2015-10627\");\n script_tag(name: \"summary\", value: \"Check the version of libwmf\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"A library for reading and converting\nWindows MetaFile vector graphics (WMF).\n\");\n script_tag(name: \"affected\", value: \"libwmf on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-10627\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161636.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~45.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:13", "references": ["2015:1917", "http://lists.centos.org/pipermail/centos-announce/2015-October/021435.html"], "pluginID": "1361412562310882298", "description": "Check the version of libwmf", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-21T00:00:00", "title": "CentOS Update for libwmf CESA-2015:1917 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882298", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libwmf CESA-2015:1917 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882298\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-21 07:11:25 +0200 (Wed, 21 Oct 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libwmf CESA-2015:1917 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of libwmf\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"libwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libwmf on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1917\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-October/021435.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~41.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~41.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~41.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:19", "references": ["2015:1917-01", "https://www.redhat.com/archives/rhsa-announce/2015-October/msg00025.html"], "pluginID": "1361412562310871460", "description": "Check the version of libwmf", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-21T00:00:00", "title": "RedHat Update for libwmf RHSA-2015:1917-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libwmf RHSA-2015:1917-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871460\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-21 07:10:12 +0200 (Wed, 21 Oct 2015)\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libwmf RHSA-2015:1917-01\");\n script_tag(name: \"summary\", value: \"Check the version of libwmf\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"libwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n\");\n script_tag(name: \"affected\", value: \"libwmf on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:1917-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-October/msg00025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~41.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~41.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~41.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~25.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~25.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~25.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:19", "references": ["https://security.gentoo.org/glsa/201602-03"], "pluginID": "1361412562310121442", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201602-03", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-03-02T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201602-03", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:1361412562310121442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121442", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201602-03.nasl 8032 2017-12-07 14:40:57Z teissa $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121442\");\nscript_version(\"$Revision: 8032 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-02 07:03:17 +0200 (Wed, 02 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 15:40:57 +0100 (Thu, 07 Dec 2017) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201602-03\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201602-03\");\nscript_cve_id(\"CVE-2015-0848\",\"CVE-2015-4588\",\"CVE-2015-4695\",\"CVE-2015-4696\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name: \"summary\" , value: \"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201602-03\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/libwmf\", unaffected: make_list(\"ge 0.2.8.4-r6\"), vulnerable: make_list(\"lt 0.2.8.4-r6\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:47", "references": ["http://www.debian.org/security/2015/dsa-3302.html"], "pluginID": "703302", "description": "Insufficient input sanitising\nin libwmf, a library to process Windows metafile data, may result in denial of\nservice or the execution of arbitrary code if a malformed WMF file is opened.", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-07-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 3302-1 (libwmf - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703302", "id": "OPENVAS:703302", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3302.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3302-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703302);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_name(\"Debian Security Advisory DSA 3302-1 (libwmf - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-06 00:00:00 +0200 (Mon, 06 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3302.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libwmf on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 0.2.8.4-10.3+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.2.8.4-10.3+deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your libwmf packages.\");\n script_tag(name: \"summary\", value: \"Insufficient input sanitising\nin libwmf, a library to process Windows metafile data, may result in denial of\nservice or the execution of arbitrary code if a malformed WMF file is opened.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwmf-bin\", ver:\"0.2.8.4-10.3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwmf-dev\", ver:\"0.2.8.4-10.3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwmf-doc\", ver:\"0.2.8.4-10.3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwmf0.2-7:amd64\", ver:\"0.2.8.4-10.3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwmf0.2-7:i386\", ver:\"0.2.8.4-10.3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T12:57:02", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-6.2+deb6u1", "arch": "all", "packageFilename": "libwmf_0.2.8.4-6.2+deb6u1_all.deb", "packageName": "libwmf", "operator": "lt"}], "description": "The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files:\n\n * [CVE-2015-0848](<https://security-tracker.debian.org/tracker/CVE-2015-0848>)\n\nA heap overflow when decoding embedded BMP images that don't use 8 bits per pixel.\n\n * [CVE-2015-4588](<https://security-tracker.debian.org/tracker/CVE-2015-4588>)\n\nA missing check in the RLE decoding of embedded BMP images.\n\nWe recommend that you update your libwmf packages.", "edition": 1, "reporter": "Debian", "published": "2015-06-26T00:00:00", "title": "libwmf -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "modified": "2015-06-26T00:00:00", "id": "DLA-253", "href": "http://www.debian.org/security/2015/dla-253", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:29:13", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-10.3+deb7u1", "packageFilename": "libwmf-dev_0.2.8.4-10.3+deb7u1_all.deb", "packageName": "libwmf-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.8.4-10.3+deb8u1", "packageFilename": "libwmf-bin_0.2.8.4-10.3+deb8u1_all.deb", "packageName": "libwmf-bin", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.8.4-10.3+deb8u1", "packageFilename": "libwmf0.2-7_0.2.8.4-10.3+deb8u1_all.deb", "packageName": "libwmf0.2-7", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.8.4-10.3+deb8u1", "packageFilename": "libwmf_0.2.8.4-10.3+deb8u1_all.deb", "packageName": "libwmf", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-10.3+deb7u1", "packageFilename": "libwmf-bin_0.2.8.4-10.3+deb7u1_all.deb", "packageName": "libwmf-bin", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-10.3+deb7u1", "packageFilename": "libwmf0.2-7_0.2.8.4-10.3+deb7u1_all.deb", "packageName": "libwmf0.2-7", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-10.3+deb7u1", "packageFilename": "libwmf-doc_0.2.8.4-10.3+deb7u1_all.deb", "packageName": "libwmf-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.8.4-10.3+deb8u1", "packageFilename": "libwmf-doc_0.2.8.4-10.3+deb8u1_all.deb", "packageName": "libwmf-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "0.2.8.4-10.3+deb8u1", "packageFilename": "libwmf-dev_0.2.8.4-10.3+deb8u1_all.deb", "packageName": "libwmf-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-10.3+deb7u1", "packageFilename": "libwmf_0.2.8.4-10.3+deb7u1_all.deb", "packageName": "libwmf", "arch": "all", "operator": "lt"}], "description": "Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 0.2.8.4-10.3+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in version 0.2.8.4-10.3+deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your libwmf packages.", "edition": 1, "reporter": "Debian", "published": "2015-07-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "title": "libwmf -- security update", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-07-06T00:00:00", "id": "DSA-3302", "href": "http://www.debian.org/security/dsa-3302", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:37:29", "references": ["https://lists.debian.org/debian-lts-announce/2015/06/msg00020.html", "https://packages.debian.org/source/squeeze-lts/libwmf"], "pluginID": "84407", "description": "The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files :\n\nCVE-2015-0848\n\nA heap overflow when decoding embedded BMP images that don't use 8 bits per pixel. CVE-2015-4588\n\nA missing check in the RLE decoding of embedded BMP images.\n\nWe recommend that you update your libwmf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-06-26T00:00:00", "title": "Debian DLA-253-1 : libwmf security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libwmf-bin", "p-cpe:/a:debian:debian_linux:libwmf-doc", "p-cpe:/a:debian:debian_linux:libwmf0.2-7", "p-cpe:/a:debian:debian_linux:libwmf-dev"], "id": "DEBIAN_DLA-253.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84407", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-253-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84407);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\");\n script_bugtraq_id(74923, 75230);\n\n script_name(english:\"Debian DLA-253-1 : libwmf security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities were discovered in the Windows Metafile\nconversion library when reading BMP images embedded into WMF files :\n\nCVE-2015-0848\n\nA heap overflow when decoding embedded BMP images that don't use 8\nbits per pixel. CVE-2015-4588\n\nA missing check in the RLE decoding of embedded BMP images.\n\nWe recommend that you update your libwmf packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libwmf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwmf-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwmf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwmf-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwmf0.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libwmf-bin\", reference:\"0.2.8.4-6.2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwmf-dev\", reference:\"0.2.8.4-6.2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwmf-doc\", reference:\"0.2.8.4-6.2+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwmf0.2-7\", reference:\"0.2.8.4-6.2+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:01", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=933109"], "pluginID": "84385", "description": "libwmf was updated to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)", "edition": 4, "reporter": "Tenable", "published": "2015-06-25T00:00:00", "title": "openSUSE Security Update : libwmf (openSUSE-2015-444)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "modified": "2015-07-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwmf-tools-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-debugsource", "p-cpe:/a:novell:opensuse:libwmf-devel", "p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-tools", "p-cpe:/a:novell:opensuse:libwmf-0_2-7", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libwmf-gnome", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-32bit", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwmf-gnome-32bit"], "id": "OPENSUSE-2015-444.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-444.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84385);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/07/06 13:45:35 $\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\");\n\n script_name(english:\"openSUSE Security Update : libwmf (openSUSE-2015-444)\");\n script_summary(english:\"Check for the openSUSE-2015-444 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libwmf was updated to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim\n into opening a specially crafted WMF file with BMP\n portions in a libwmf based application could have\n executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim\n into opening a specially crafted WMF file in a libwmf\n based application could have executed arbitrary code\n through incorrect run-length encoding. (boo#933109)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933109\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-0_2-7-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-0_2-7-debuginfo-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-debugsource-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-devel-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-gnome-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-gnome-debuginfo-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-tools-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwmf-tools-debuginfo-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-32bit-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-debuginfo-32bit-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwmf-gnome-32bit-0.2.8.4-239.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwmf-gnome-debuginfo-32bit-0.2.8.4-239.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf-0_2-7 / libwmf-0_2-7-32bit / libwmf-0_2-7-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:30", "references": ["http://www.nessus.org/u?2749ec58", "https://bugzilla.redhat.com/show_bug.cgi?id=1227243"], "pluginID": "84377", "description": "CVE-2015-0848 heap overflow when decoding BMP images CVE-2015-0848 heap overflow when decoding BMP images\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-06-25T00:00:00", "title": "Fedora 21 : libwmf-0.2.8.4-43.fc21 (2015-9674)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4588", "CVE-2015-0848"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libwmf", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-9674.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84377", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9674.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84377);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:22:35 $\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\");\n script_xref(name:\"FEDORA\", value:\"2015-9674\");\n\n script_name(english:\"Fedora 21 : libwmf-0.2.8.4-43.fc21 (2015-9674)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-0848 heap overflow when decoding BMP images CVE-2015-0848\nheap overflow when decoding BMP images\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1227243\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2749ec58\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"libwmf-0.2.8.4-43.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:01", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=495842", "https://bugzilla.opensuse.org/show_bug.cgi?id=892356", "https://bugzilla.opensuse.org/show_bug.cgi?id=933109", "https://bugzilla.opensuse.org/show_bug.cgi?id=831299"], "pluginID": "84384", "description": "libwmf was updated to fix three security issues and one non-security bug.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)\n\n - CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299)\n\nThe following non-security bug was fixed :\n\n - boo#892356: Make libwmf-tools not depend on libwmf-devel", "edition": 4, "reporter": "Tenable", "published": "2015-06-25T00:00:00", "title": "openSUSE Security Update : libwmf (openSUSE-2015-443)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4588", "CVE-2009-1364", "CVE-2015-0848"], "modified": "2015-06-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwmf-tools-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-debugsource", "p-cpe:/a:novell:opensuse:libwmf-devel", "p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo", "p-cpe:/a:novell:opensuse:libwmf-tools", "p-cpe:/a:novell:opensuse:libwmf-0_2-7", "p-cpe:/a:novell:opensuse:libwmf-gnome", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-32bit", "p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libwmf-gnome-32bit"], "id": "OPENSUSE-2015-443.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-443.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84384);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/06/25 13:16:54 $\");\n\n script_cve_id(\"CVE-2009-1364\", \"CVE-2015-0848\", \"CVE-2015-4588\");\n\n script_name(english:\"openSUSE Security Update : libwmf (openSUSE-2015-443)\");\n script_summary(english:\"Check for the openSUSE-2015-443 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libwmf was updated to fix three security issues and one non-security\nbug.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0848: An attacker that could trick a victim\n into opening a specially crafted WMF file with BMP\n portions in a libwmf based application could have\n executed arbitrary code with the user's privileges.\n (boo#933109)\n\n - CVE-2015-0848: An attacker that could trick a victim\n into opening a specially crafted WMF file in a libwmf\n based application could have executed arbitrary code\n through incorrect run-length encoding. (boo#933109)\n\n - CVE-2009-1364: Use-after-free vulnerability in the\n embedded GD library in libwmf allowed context-dependent\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n WMF file. (boo#495842, boo#831299)\n\nThe following non-security bug was fixed :\n\n - boo#892356: Make libwmf-tools not depend on libwmf-devel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=495842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=831299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=892356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933109\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-0_2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-0_2-7-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-0_2-7-debuginfo-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-debugsource-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-devel-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-gnome-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-gnome-debuginfo-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-tools-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libwmf-tools-debuginfo-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-32bit-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-debuginfo-32bit-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libwmf-gnome-32bit-0.2.8.4-234.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libwmf-gnome-debuginfo-32bit-0.2.8.4-234.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf-0_2-7 / libwmf-0_2-7-32bit / libwmf-0_2-7-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:53", "references": ["http://www.nessus.org/u?658454ce", "http://www.nessus.org/u?63d79c4a"], "pluginID": "86485", "description": "Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2015-10-21T00:00:00", "title": "CentOS 6 / 7 : libwmf (CESA-2015:1917)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2018-07-02T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libwmf-devel", "p-cpe:/a:centos:centos:libwmf-lite", "p-cpe:/a:centos:centos:libwmf"], "id": "CENTOS_RHSA-2015-1917.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1917 and \n# CentOS Errata and Security Advisory 2015:1917 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86485);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_xref(name:\"RHSA\", value:\"2015:1917\");\n\n script_name(english:\"CentOS 6 / 7 : libwmf (CESA-2015:1917)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libwmf packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim\ninto opening a specially crafted WMF file in an application using\nlibwmf, a remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash or execute arbitrary code with the\nprivileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-October/021434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?658454ce\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-October/021435.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63d79c4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwmf-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libwmf-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libwmf-devel-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libwmf-lite-0.2.8.4-25.el6_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libwmf-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libwmf-devel-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libwmf-lite-0.2.8.4-41.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:21", "references": [], "pluginID": "84635", "description": "Fernando Munoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-07-09T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : libwmf vulnerabilities (USN-2670-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2018-08-03T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2670-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2670-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84635);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/08/03 12:21:25\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_bugtraq_id(74923, 75230, 75329, 75331);\n script_xref(name:\"USN\", value:\"2670-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : libwmf vulnerabilities (USN-2670-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fernando Munoz and Stefan Cornelius discovered that libwmf\nincorrectly handled certain malformed images. If a user or automated\nsystem were tricked into opening a crafted image file, an attacker\ncould cause a denial of service or execute arbitrary code with\nprivileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf0.2-7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-10.3ubuntu1.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-10.3ubuntu1.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-10.3ubuntu1.15.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf0.2-7\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:59", "references": ["http://www.nessus.org/u?05197a0f"], "pluginID": "86489", "description": "It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)\n\nAfter installing the update, all applications using libwmf must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-10-21T00:00:00", "title": "Scientific Linux Security Update : libwmf on SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-10-21T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151020_LIBWMF_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86489);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:57:46 $\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n\n script_name(english:\"Scientific Linux Security Update : libwmf on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim\ninto opening a specially crafted WMF file in an application using\nlibwmf, a remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash or execute arbitrary code with the\nprivileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash. (CVE-2015-4695)\n\nAfter installing the update, all applications using libwmf must be\nrestarted for the update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1510&L=scientific-linux-errata&F=&S=&P=2224\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05197a0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libwmf-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libwmf-debuginfo-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libwmf-devel-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libwmf-lite-0.2.8.4-25.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwmf-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwmf-debuginfo-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwmf-devel-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwmf-lite-0.2.8.4-41.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:06", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-October/005462.html", "https://oss.oracle.com/pipermail/el-errata/2015-October/005461.html"], "pluginID": "86487", "description": "From Red Hat Security Advisory 2015:1917 :\n\nUpdated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2015-10-21T00:00:00", "title": "Oracle Linux 6 / 7 : libwmf (ELSA-2015-1917)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libwmf", "p-cpe:/a:oracle:linux:libwmf-devel", "p-cpe:/a:oracle:linux:libwmf-lite", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1917.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1917 and \n# Oracle Linux Security Advisory ELSA-2015-1917 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86487);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_xref(name:\"RHSA\", value:\"2015:1917\");\n\n script_name(english:\"Oracle Linux 6 / 7 : libwmf (ELSA-2015-1917)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1917 :\n\nUpdated libwmf packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim\ninto opening a specially crafted WMF file in an application using\nlibwmf, a remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2015-0848, CVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash or execute arbitrary code with the\nprivileges of the user running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-October/005461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-October/005462.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwmf-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libwmf-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libwmf-devel-0.2.8.4-25.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libwmf-lite-0.2.8.4-25.el6_7\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libwmf-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libwmf-devel-0.2.8.4-41.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libwmf-lite-0.2.8.4-41.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf / libwmf-devel / libwmf-lite\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:48", "references": ["http://www.nessus.org/u?91f4dfcc", "https://bugzilla.suse.com/831299", "https://www.suse.com/security/cve/CVE-2015-4588.html", "https://bugzilla.suse.com/936062", "https://www.suse.com/security/cve/CVE-2015-4696.html", "https://bugzilla.suse.com/933109", "https://www.suse.com/security/cve/CVE-2015-4695.html", "https://bugzilla.suse.com/495842", "https://bugzilla.suse.com/936058", "https://www.suse.com/security/cve/CVE-2015-0848.html", "https://www.suse.com/security/cve/CVE-2009-1364.html"], "pluginID": "85796", "description": "libwmf was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299)\n\n - CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)\n\n - CVE-2015-4588: DecodeImage() did not check that the run-length 'count' fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109)\n\n - CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058)\n\n - CVE-2015-4696: Use after free (bsc#936062)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-09-04T00:00:00", "title": "SUSE SLED12 Security Update : libwmf (SUSE-SU-2015:1484-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2009-1364", "CVE-2015-0848"], "modified": "2018-07-31T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libwmf-0_2-7-debuginfo", "p-cpe:/a:novell:suse_linux:libwmf-debugsource", "p-cpe:/a:novell:suse_linux:libwmf-0_2"], "id": "SUSE_SU-2015-1484-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1484-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85796);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2009-1364\", \"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_bugtraq_id(34792, 74923, 75230, 75329, 75331);\n\n script_name(english:\"SUSE SLED12 Security Update : libwmf (SUSE-SU-2015:1484-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libwmf was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2009-1364: Fixed realloc return value usage\n (bsc#495842, bnc#831299)\n\n - CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)\n\n - CVE-2015-4588: DecodeImage() did not check that the\n run-length 'count' fits into the total size of the\n image, which could lead to a heap-based buffer overflow\n (bsc#933109)\n\n - CVE-2015-4695: meta_pen_create heap buffer over read\n (bsc#936058)\n\n - CVE-2015-4696: Use after free (bsc#936062)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/495842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/831299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/933109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/936058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/936062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2009-1364.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4588.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4696.html\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151484-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91f4dfcc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-481=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-481=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-481=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwmf-0_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwmf-0_2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwmf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-0.2.8.4-242.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwmf-0_2-7-debuginfo-0.2.8.4-242.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwmf-debugsource-0.2.8.4-242.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:20", "references": ["https://security.gentoo.org/glsa/201602-03"], "pluginID": "103586", "description": "The remote host is affected by the vulnerability described in GLSA-201602-03 (libwmf: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause Denial of Service.\n Workaround :\n\n There is no known work around at this time.", "edition": 4, "reporter": "Tenable", "published": "2017-10-02T00:00:00", "title": "GLSA-201602-03 : libwmf: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2017-10-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libwmf"], "id": "GENTOO_GLSA-201602-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201602-03.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103586);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/10/02 21:40:44 $\");\n\n script_cve_id(\"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\");\n script_xref(name:\"GLSA\", value:\"201602-03\");\n\n script_name(english:\"GLSA-201602-03 : libwmf: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201602-03\n(libwmf: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libwmf. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause Denial of Service.\n \nWorkaround :\n\n There is no known work around at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201602-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libwmf users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libwmf\", unaffected:make_list(\"ge 0.2.8.4-r6\"), vulnerable:make_list(\"lt 0.2.8.4-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:43", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-0848", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4588", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4696", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4695"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "0.2.8.4-10.3ubuntu1.14.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwmf0.2-7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "0.2.8.4-10.3ubuntu1.14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwmf0.2-7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "0.2.8.4-10.3ubuntu1.15.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwmf0.2-7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "0.2.8.4-10ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwmf0.2-7", "operator": "lt"}], "description": "Fernando Mu\u00f1oz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.", "edition": 3, "reporter": "Ubuntu", "published": "2015-07-08T00:00:00", "title": "libwmf vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-07-08T00:00:00", "id": "USN-2670-1", "href": "https://usn.ubuntu.com/2670-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:42", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "src", "packageFilename": "libwmf-0.2.8.4-41.el7_1.src.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "src", "packageFilename": "libwmf-0.2.8.4-25.el6_7.src.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "src", "packageFilename": "libwmf-0.2.8.4-25.el6_7.src.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageFilename": "libwmf-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf", "operator": "lt"}], "description": "[0.2.8.4-25]\n- Resolves: rhbz#1227428 - CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696\n[0.2.8.4-24]\n- Resolves: rhbz#1227429 CVE-2015-0848 libwmf: heap overflow when decoding BMP images", "edition": 3, "reporter": "Oracle", "published": "2015-10-20T00:00:00", "title": "libwmf security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-10-20T00:00:00", "id": "ELSA-2015-1917", "href": "http://linux.oracle.com/errata/ELSA-2015-1917.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=551144", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4588", "http://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0848", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4696", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4695", "https://bugs.gentoo.org/show_bug.cgi?id=553818"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.2.8.4-r6", "packageName": "media-libs/libwmf", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nlibwmf is a library for converting WMF files.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause Denial of Service. \n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nAll libwmf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libwmf-0.2.8.4-r6\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "libwmf: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2016-02-27T00:00:00", "id": "GLSA-201602-03", "href": "https://security.gentoo.org/glsa/201602-03", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:26:03", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1917.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-0.2.8.4-41.el7_1.src.rpm", "packageName": "libwmf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf-lite", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-0.2.8.4-25.el6_7.src.rpm", "packageName": "libwmf", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf-lite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm", "packageName": "libwmf-lite", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm", "packageName": "libwmf-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.i686.rpm", "packageName": "libwmf-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-lite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.i686.rpm", "packageName": "libwmf-lite", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1917\n\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021434.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-October/021435.html\n\n**Affected packages:**\nlibwmf\nlibwmf-devel\nlibwmf-lite\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1917.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-10-20T17:05:25", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "libwmf security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-10-20T19:06:55", "href": "http://lists.centos.org/pipermail/centos-announce/2015-October/021434.html", "id": "CESA-2015:1917", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32317"], "description": "Multiple memory corruptions.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-07-14T00:00:00", "title": "libwmf multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:01", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libwmf", "version": "0.2", "operator": "eq"}], "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-07-14T00:00:00", "id": "SECURITYVULNS:VULN:14583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14583", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2670-1\r\nJuly 08, 2015\r\n\r\nlibwmf vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.04\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nlibwmf could be made to crash or run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libwmf: Windows metafile conversion tools\r\n\r\nDetails:\r\n\r\nFernando Munoz and Stefan Cornelius discovered that libwmf incorrectly\r\nhandled certain malformed images. If a user or automated system were\r\ntricked into opening a crafted image file, an attacker could cause a denial\r\nof service or execute arbitrary code with privileges of the user invoking\r\nthe program.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.04:\r\n libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1\r\n\r\nUbuntu 14.10:\r\n libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libwmf0.2-7 0.2.8.4-10ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2670-1\r\n CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4695,\r\n CVE-2015-4696\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.15.04.1\r\n https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.14.10.1\r\n https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10.3ubuntu1.14.04.1\r\n https://launchpad.net/ubuntu/+source/libwmf/0.2.8.4-10ubuntu1.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-07-14T00:00:00", "title": "[USN-2670-1] libwmf vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:00", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4695", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2015-07-14T00:00:00", "id": "SECURITYVULNS:DOC:32317", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32317", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "src", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "i686", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "x86_64", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc64", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc64", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc64", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc64", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "ppc", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390x", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-25.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390x", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-25.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390x", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-25.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.2.8.4-25.el6_7", "arch": "s390x", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-25.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "src", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "x86_64", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "i686", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc64", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc64", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc64", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "ppc64", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390x", "packageName": "libwmf-debuginfo", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390x", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390", "packageName": "libwmf-devel", "packageFilename": "libwmf-devel-0.2.8.4-41.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390x", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390", "packageName": "libwmf", "packageFilename": "libwmf-0.2.8.4-41.el7_1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390x", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.2.8.4-41.el7_1", "arch": "s390", "packageName": "libwmf-lite", "packageFilename": "libwmf-lite-0.2.8.4-41.el7_1.s390.rpm", "operator": "lt"}], "description": "libwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code with\nthe privileges of the user running the application. (CVE-2015-0848,\nCVE-2015-4588)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash or execute arbitrary code with the privileges of the\nuser running the application. (CVE-2015-4696)\n\nIt was discovered that libwmf did not properly process certain WMF files.\nBy tricking a victim into opening a specially crafted WMF file in an\napplication using libwmf, a remote attacker could possibly exploit this\nflaw to cause a crash. (CVE-2015-4695)\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications using libwmf must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2015-10-20T04:00:00", "type": "redhat", "title": "(RHSA-2015:1917) Important: libwmf security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:13", "id": "RHSA-2015:1917", "href": "https://access.redhat.com/errata/RHSA-2015:1917", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:37", "references": [], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.2.8.4_14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libwmf", "operator": "lt"}], "description": "\nMitre reports:\n\nMultiple buffer overflows in the gd graphics library (libgd) 2.0.21\n\t and earlier may allow remote attackers to execute arbitrary code via\n\t malformed image files that trigger the overflows due to improper\n\t calls to the gdMalloc function, a different set of vulnerabilities\n\t than CVE-2004-0990.\n\n\nBuffer overflow in the gdImageStringFTEx function in gdft.c in GD\n\t Graphics Library 2.0.33 and earlier allows remote attackers to cause\n\t a denial of service (application crash) and possibly execute\n\t arbitrary code via a crafted string with a JIS encoded font.\n\n\nThe gdPngReadData function in libgd 2.0.34 allows user-assisted\n\t attackers to cause a denial of service (CPU consumption) via a\n\t crafted PNG image with truncated data, which causes an infinite loop\n\t in the png_read_info function in libpng.\n\n\nInteger overflow in gdImageCreateTrueColor function in the GD\n\t Graphics Library (libgd) before 2.0.35 allows user-assisted remote\n\t attackers to have unspecified attack vectors and impact.\n\n\nThe gdImageCreateXbm function in the GD Graphics Library (libgd)\n\t before 2.0.35 allows user-assisted remote attackers to cause a\n\t denial of service (crash) via unspecified vectors involving a\n\t gdImageCreate failure.\n\n\nThe (a) imagearc and (b) imagefilledarc functions in GD Graphics\n\t Library (libgd) before 2.0.35 allow attackers to cause a denial of\n\t service (CPU consumption) via a large (1) start or (2) end angle\n\t degree value.\n\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before\n\t 5.3.1, and the GD Graphics Library 2.x, does not properly verify a\n\t certain colorsTotal structure member, which might allow remote\n\t attackers to conduct buffer overflow or buffer over-read attacks via\n\t a crafted GD file, a different vulnerability than CVE-2009-3293.\n\t NOTE: some of these details are obtained from third party\n\t information.\n\n\nHeap-based buffer overflow in libwmf 0.2.8.4 allows remote\n\t attackers to cause a denial of service (crash) or possibly execute\n\t arbitrary code via a crafted BMP image.\n\n\nmeta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial\n\t of service (out-of-bounds read) via a crafted WMF file.\n\n\nUse-after-free vulnerability in libwmf 0.2.8.4 allows remote\n\t attackers to cause a denial of service (crash) via a crafted WMF\n\t file to the (1) wmf2gd or (2) wmf2eps command.\n\n\nHeap-based buffer overflow in the DecodeImage function in libwmf\n\t 0.2.8.4 allows remote attackers to cause a denial of service (crash)\n\t or possibly execute arbitrary code via a crafted \"run-length count\"\n\t in an image in a WMF file.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2004-10-12T00:00:00", "title": "libwmf -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3546", "CVE-2004-0941", "CVE-2007-2756", "CVE-2015-4695", "CVE-2007-3477", "CVE-2007-3472", "CVE-2007-0455", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-4696", "CVE-2015-0848"], "modified": "2004-10-12T00:00:00", "id": "CA139C7F-2A8C-11E5-A4A5-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/ca139c7f-2a8c-11e5-a4a5-002590263bf5.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2016-09-28T21:04:02", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1917.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "x86_64", "packageFilename": "libwmf-lite-0.2.8.4-41.11.amzn1.x86_64", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "x86_64", "packageFilename": "libwmf-devel-0.2.8.4-41.11.amzn1.x86_64", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-41.11.amzn1.x86_64", "packageName": "libwmf", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "i686", "packageFilename": "libwmf-0.2.8.4-41.11.amzn1.i686", "packageName": "libwmf", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "i686", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.11.amzn1.i686", "packageName": "libwmf-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "src", "packageFilename": "libwmf-0.2.8.4-41.11.amzn1.src", "packageName": "libwmf", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "i686", "packageFilename": "libwmf-lite-0.2.8.4-41.11.amzn1.i686", "packageName": "libwmf-lite", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "i686", "packageFilename": "libwmf-devel-0.2.8.4-41.11.amzn1.i686", "packageName": "libwmf-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.2.8.4-41.11", "arch": "x86_64", "packageFilename": "libwmf-debuginfo-0.2.8.4-41.11.amzn1.x86_64", "packageName": "libwmf-debuginfo", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nIt was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. ([CVE-2015-0848 __](<https://access.redhat.com/security/cve/CVE-2015-0848>), [CVE-2015-4588 __](<https://access.redhat.com/security/cve/CVE-2015-4588>))\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. ([CVE-2015-4696 __](<https://access.redhat.com/security/cve/CVE-2015-4696>))\n\nIt was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. ([CVE-2015-4695 __](<https://access.redhat.com/security/cve/CVE-2015-4695>))\n\nThe gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. ([CVE-2007-2756 __](<https://access.redhat.com/security/cve/CVE-2007-2756>))\n\nBuffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. ([CVE-2007-0455 __](<https://access.redhat.com/security/cve/CVE-2007-0455>))\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than [CVE-2009-3293 __](<https://access.redhat.com/security/cve/CVE-2009-3293>). NOTE: some of these details are obtained from third party information. ([CVE-2009-3546 __](<https://access.redhat.com/security/cve/CVE-2009-3546>))\n\nInteger overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. ([CVE-2007-3472 __](<https://access.redhat.com/security/cve/CVE-2007-3472>))\n\nThe gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. ([CVE-2007-3473 __](<https://access.redhat.com/security/cve/CVE-2007-3473>))\n\n \n**Affected Packages:** \n\n\nlibwmf\n\n \n**Issue Correction:** \nRun _yum update libwmf_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n libwmf-debuginfo-0.2.8.4-41.11.amzn1.i686 \n libwmf-devel-0.2.8.4-41.11.amzn1.i686 \n libwmf-0.2.8.4-41.11.amzn1.i686 \n libwmf-lite-0.2.8.4-41.11.amzn1.i686 \n \n src: \n libwmf-0.2.8.4-41.11.amzn1.src \n \n x86_64: \n libwmf-lite-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-devel-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-debuginfo-0.2.8.4-41.11.amzn1.x86_64 \n libwmf-0.2.8.4-41.11.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2015-10-27T13:51:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "amazon", "title": "Important: libwmf", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3546", "CVE-2007-2756", "CVE-2015-4695", "CVE-2007-3472", "CVE-2007-0455", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-4696", "CVE-2009-3293", "CVE-2015-0848"], "modified": "2015-10-27T14:16:00", "id": "ALAS-2015-604", "href": "https://alas.aws.amazon.com/ALAS-2015-604.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:44", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "0.2.8.4", "arch": "i586", "packageFilename": "libwmf-0.2.8.4-i586-7_slack14.1.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.2.8.4", "arch": "i486", "packageFilename": "libwmf-0.2.8.4-i486-6_slack13.37.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-6_slack14.1.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.2.8.4", "arch": "i486", "packageFilename": "libwmf-0.2.8.4-i486-6_slack13.1.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-5_slack13.0.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-6_slack14.0.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-6_slack13.37.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.2.8.4", "arch": "i486", "packageFilename": "libwmf-0.2.8.4-i486-5_slack13.0.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-7_slack14.1.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.2.8.4", "arch": "x86_64", "packageFilename": "libwmf-0.2.8.4-x86_64-6_slack13.1.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "0.2.8.4", "arch": "i486", "packageFilename": "libwmf-0.2.8.4-i486-6_slack14.0.txz", "packageName": "libwmf", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "0.2.8.4", "arch": "i486", "packageFilename": "libwmf-0.2.8.4-i486-6_slack14.1.txz", "packageName": "libwmf", "operator": "lt"}], "description": "New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz: Rebuilt.\n Patched denial of service and possible execution of arbitrary code\n security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0848\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4588\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4695\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4696\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9011\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libwmf-0.2.8.4-i486-5_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libwmf-0.2.8.4-x86_64-5_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libwmf-0.2.8.4-i486-6_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libwmf-0.2.8.4-i486-6_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libwmf-0.2.8.4-x86_64-6_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libwmf-0.2.8.4-i486-6_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libwmf-0.2.8.4-x86_64-6_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libwmf-0.2.8.4-i486-6_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libwmf-0.2.8.4-x86_64-6_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libwmf-0.2.8.4-i586-7_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libwmf-0.2.8.4-x86_64-7_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libwmf-0.2.8.4-i586-8.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libwmf-0.2.8.4-x86_64-8.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n6d0143e7e105188714f767aea522f4cb libwmf-0.2.8.4-i486-5_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n3f47383d824d93c4518f8fc738c0c820 libwmf-0.2.8.4-x86_64-5_slack13.0.txz\n\nSlackware 13.1 package:\n871f2ed8d5b43a139607a4d6f959ff93 libwmf-0.2.8.4-i486-6_slack13.1.txz\n\nSlackware x86_64 13.1 package:\na8cff7e3b53153589eab0a0bab9209de libwmf-0.2.8.4-x86_64-6_slack13.1.txz\n\nSlackware 13.37 package:\n5db38178040f541080caf9776256331d libwmf-0.2.8.4-i486-6_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n5d308a63d03d940622ec21d870b01cde libwmf-0.2.8.4-x86_64-6_slack13.37.txz\n\nSlackware 14.0 package:\nc806e42bd0498db0f3b70957c7c3a401 libwmf-0.2.8.4-i486-6_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n376835bf78178bb15bb3c56cee454eb4 libwmf-0.2.8.4-x86_64-6_slack14.0.txz\n\nSlackware 14.1 package:\n8a30446ddb36004db6d5ce10728807af libwmf-0.2.8.4-i486-6_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nceb7fa835645c9d55c3ad5eac9eab754 libwmf-0.2.8.4-x86_64-6_slack14.1.txz\n\nSlackware 14.2 package:\n4d98c4cad02f173e00570dccccba226a libwmf-0.2.8.4-i586-7_slack14.1.txz\n\nSlackware x86_64 14.2 package:\n0750711520b0cf4ff5a9a6e363815702 libwmf-0.2.8.4-x86_64-7_slack14.1.txz\n\nSlackware -current package:\nac7070e538cf1d1bb08b68cf7883de6d l/libwmf-0.2.8.4-i586-8.txz\n\nSlackware x86_64 -current package:\n5a60b94c51180b5a2d53dba2fe430379 l/libwmf-0.2.8.4-x86_64-8.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libwmf-0.2.8.4-i586-7_slack14.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2018-04-30T18:19:49", "title": "libwmf", "type": "slackware", "enchantments": {"score": {"modified": "2018-08-31T00:36:44", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-10168", "CVE-2009-3546", "CVE-2016-9011", "CVE-2004-0941", "CVE-2016-9317", "CVE-2007-2756", "CVE-2015-4695", "CVE-2007-3477", "CVE-2007-3472", "CVE-2007-0455", "CVE-2007-3473", "CVE-2016-10167", "CVE-2015-4588", "CVE-2015-4696", "CVE-2006-3376", "CVE-2015-0848", "CVE-2017-6362"], "modified": "2018-04-30T18:19:49", "id": "SSA-2018-120-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kitploit": [{"lastseen": "2018-08-31T14:37:43", "references": ["https://github.com/ilpianista/arch-audit"], "description": "[  ](<https://4.bp.blogspot.com/-Uf2o3nvS9iI/V-iDG8z9gdI/AAAAAAAAGNQ/lMp_2XaKabgLXdkrp0YBjUx8yOnf0IZzwCLcB/s1600/archlinux-logo-dark.png>)\n\n \nAn utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data \n \nUses data collected by the awesome [ Arch CVE Monitoring Team ](<https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team>) . \n \n** Installation ** \n \n** From AUR ** \nThe PKGBUILD is available [ on AUR ](<https://aur.archlinux.org/packages/arch-audit>) . \nAfter the installation just execute ` arch-audit ` . \n \n** From sources ** \n\n \n \n git clone https://github.com/ilpianista/arch-audit\n cd arch-audit\n cargo build\n cargo run\n\n \n** Example output ** \n\n \n \n $ arch-audit\n Package libwmf is affected by [\"CVE-2009-1364\", \"CVE-2006-3376\", \"CVE-2007-0455\", \"CVE-2007-2756\", \"CVE-2007-3472\", \"CVE-2007-3473\", \"CVE-2007-3477\", \"CVE-2009-3546\", \"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2016-5875\", \"CVE-2016-5314\", \"CVE-2016-5315\", \"CVE-2016-5316\", \"CVE-2016-5317\", \"CVE-2016-5320\", \"CVE-2016-5321\", \"CVE-2016-5322\", \"CVE-2016-5323\", \"CVE-2016-5102\", \"CVE-2016-3991\", \"CVE-2016-3990\", \"CVE-2016-3945\", \"CVE-2016-3658\", \"CVE-2016-3634\", \"CVE-2016-3633\", \"CVE-2016-3632\", \"CVE-2016-3631\", \"CVE-2016-3625\", \"CVE-2016-3624\", \"CVE-2016-3623\", \"CVE-2016-3622\", \"CVE-2016-3621\", \"CVE-2016-3620\", \"CVE-2016-3619\", \"CVE-2016-3186\", \"CVE-2015-8668\", \"CVE-2015-7313\", \"CVE-2014-8130\", \"CVE-2014-8127\", \"CVE-2010-2596\", \"CVE-2016-6223\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2015-7554\", \"CVE-2015-8683\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-8751\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5221\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5203\"]. VULNERABLE!\n Package lib32-openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1:1.0.2.i-1!\n Package wireshark-cli is affected by [\"CVE-2016-7180\", \"CVE-2016-7175\", \"CVE-2016-7176\", \"CVE-2016-7177\", \"CVE-2016-7178\", \"CVE-2016-7179\"]. Update to 2.2.0-1!\n Package wpa_supplicant is affected by [\"CVE-2016-4477\", \"CVE-2016-4476\"]. VULNERABLE!\n Package openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1.0.2.i-1!\n Package crypto++ is affected by [\"CVE-2016-7420\"]. VULNERABLE!\n Package bzip2 is affected by [\"CVE-2016-3189\"]. VULNERABLE!\n Package libimobiledevice is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package libusbmuxd is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package gdk-pixbuf2 is affected by [\"CVE-2016-6352\"]. VULNERABLE!\n \n $ arch-audit --upgradable --quiet\n wireshark-cli>=2.2.0-1\n openssl>=1.0.2.i-1\n lib32-openssl>=1:1.0.2.i-1\n \n $ arch-audit -uf \"%n|%c\"\n openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179\n lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n\n \n \n\n\n** [ Download arch-audit ](<https://github.com/ilpianista/arch-audit>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2016-10-15T14:30:02", "title": "arch-audit - An utility like pkg-audit for Arch Linux", "type": "kitploit", "enchantments": {"score": {"modified": "2018-08-31T14:37:43", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "tools", "cvelist": ["CVE-2016-3622", "CVE-2009-3546", "CVE-2016-5314", "CVE-2016-7176", "CVE-2016-4476", "CVE-2016-7420", "CVE-2016-3623", "CVE-2016-6306", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-2183", "CVE-2016-3619", "CVE-2016-2178", "CVE-2016-5322", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-6302", "CVE-2016-3658", "CVE-2016-7177", "CVE-2016-3632", "CVE-2016-7180", "CVE-2016-2177", "CVE-2010-2596", "CVE-2016-7179", "CVE-2016-5104", "CVE-2016-3189", "CVE-2016-3620", "CVE-2015-8751", "CVE-2007-2756", "CVE-2016-6352", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-2180", "CVE-2016-5320", "CVE-2015-4695", "CVE-2007-3477", "CVE-2015-7313", "CVE-2016-3186", "CVE-2016-7175", "CVE-2016-5323", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-5315", "CVE-2014-8130", "CVE-2015-5203", "CVE-2015-7554", "CVE-2007-3472", "CVE-2016-3990", "CVE-2016-4477", "CVE-2016-3633", "CVE-2016-6223", "CVE-2007-0455", "CVE-2016-5317", "CVE-2016-3624", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-5221", "CVE-2016-6303", "CVE-2015-4696", "CVE-2016-5102", "CVE-2006-3376", "CVE-2016-2182", "CVE-2009-1364", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-2179", "CVE-2016-7178", "CVE-2015-0848"], "modified": "2016-10-15T14:30:02", "toolHref": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "id": "KITPLOIT:2973941148692546578", "href": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
