Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200907-01
HistoryJul 02, 2009 - 12:00 a.m.

libwmf: User-assisted execution of arbitrary code

2009-07-0200:00:00
Gentoo Foundation
security.gentoo.org
7

0.016 Low

EPSS

Percentile

87.6%

JSON

Background

libwmf is a library for converting WMF files.

Description

The embedded fork of the GD library introduced a “use-after-free” vulnerability in a modification which is specific to libwmf.

Impact

A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All libwmf users should upgrade to the latest version which no longer builds the GD library:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/libwmf< 0.2.8.4-r3UNKNOWN

Related

openvas 31
nessus 19
redhat 1
securityvulns 2
centos 2
oraclelinux 1
fedora 3
cve 1
freebsd 1
debian 1
cvelist 1
ubuntucve 1
prion 1
debiancve 1
ubuntu 1
archlinux 1
kitploit 1
openvas
openvas
RedHat Security Advisory RHSA-2009:0457
2009-05-05 00:00:00
Ubuntu: Security Advisory (USN-769-1)
2009-06-05 00:00:00
CentOS Update for libwmf CESA-2009:0457 centos4 i386
2011-08-09 00:00:00
nessus
nessus
openSUSE 10 Security Update : libwmf (libwmf-6212)
2009-05-15 00:00:00
openSUSE Security Update : libwmf (libwmf-821)
2009-07-21 00:00:00
Scientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2009:0457) Moderate: libwmf security update
2009-04-30 00:00:00
securityvulns
securityvulns
[USN-769-1] libwmf vulnerability
2009-05-04 00:00:00
libwmf use-after-free vulnerability
2009-05-04 00:00:00
centos
centos
libwmf security update
2009-05-03 12:26:02
acpid security update
2009-05-07 20:36:32
oraclelinux
oraclelinux
libwmf security update
2009-04-30 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: libwmf-0.2.8.4-18.1.fc9
2009-05-27 19:04:47
[SECURITY] Fedora 10 Update: libwmf-0.2.8.4-18.1.fc10
2009-05-27 19:04:02
[SECURITY] Fedora 11 Update: libwmf-0.2.8.4-20.fc11
2009-05-27 19:03:27
cve
cve
CVE-2009-1364
2009-05-01 17:30:00
freebsd
freebsd
libwmf -- embedded GD library Use-After-Free vulnerability
2009-05-05 00:00:00
debian
debian
[SECURITY] [DSA 1796-1] New libwmf packages fix denial of service
2009-05-07 21:24:48
cvelist
cvelist
CVE-2009-1364
2009-05-01 17:00:00
ubuntucve
ubuntucve
CVE-2009-1364
2009-05-01 00:00:00
prion
prion
Design/Logic Flaw
2009-05-01 17:30:00
debiancve
debiancve
CVE-2009-1364
2009-05-01 17:30:00
ubuntu
ubuntu
libwmf vulnerability
2009-05-04 00:00:00
archlinux
archlinux
[ASA-201701-1] libwmf: multiple issues
2017-01-01 00:00:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00

0.016 Low

EPSS

Percentile

87.6%

JSON
Related for GLSA-200907-01
openvas31nessus19redhat1securityvulns2centos2oraclelinux1fedora3cve1freebsd1debian1cvelist1ubuntucve1prion1debiancve1ubuntu1archlinux1kitploit1