[SECURITY] [DLA 253-1] libwmf security update

2015-06-26T07:14:51
ID DEBIAN:DLA-253-1:570D2
Type debian
Reporter Debian
Modified 2015-06-26T07:14:51

Description

Package : libwmf Version : 0.2.8.4-6.2+deb6u1 CVE ID : CVE-2015-0848 CVE-2015-4588 Debian Bug : #787644

The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files:

CVE-2015-0848

A heap overflow when decoding embedded BMP images that don't use 8 bits per
pixel.

CVE-2015-4588

A missing check in the RLE decoding of embedded BMP images.

We recommend that you update your libwmf packages.