ID OPENVAS:136141256231064364 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200907-01.
#
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "libwmf bundles an old GD version which contains a 'use-after-free'
vulnerability.";
tag_solution = "All libwmf users should upgrade to the latest version which no longer
builds the GD library:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-01
http://bugs.gentoo.org/show_bug.cgi?id=268161";
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200907-01.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64364");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)");
script_cve_id("CVE-2009-1364");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Gentoo Security Advisory GLSA 200907-01 (libwmf)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if ((res = ispkgvuln(pkg:"media-libs/libwmf", unaffected: make_list("ge 0.2.8.4-r3"), vulnerable: make_list("lt 0.2.8.4-r3"))) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231064364", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200907-01 (libwmf)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-01.", "published": "2009-07-06T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064364", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-1364"], "lastseen": "2018-04-06T11:38:07", "viewCount": 0, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2018-04-06T11:38:07", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1364"]}, {"type": "ubuntu", "idList": ["USN-769-1"]}, {"type": "centos", "idList": ["CESA-2009:0457"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21768", "SECURITYVULNS:VULN:9890"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1796-1:91372"]}, {"type": "freebsd", "idList": ["6A245F31-4254-11DE-B67A-0030843D3802"]}, {"type": "gentoo", "idList": ["GLSA-200907-01"]}, {"type": "fedora", "idList": ["FEDORA:1E0BA10F897", "FEDORA:C962310F87F", "FEDORA:7222710F85A"]}, {"type": "redhat", "idList": ["RHSA-2009:0457"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0457"]}, {"type": "nessus", "idList": ["SUSE_11_0_LIBWMF-090423.NASL", "SUSE_11_LIBWMF-090428.NASL", "UBUNTU_USN-769-1.NASL", "FEDORA_2009-5517.NASL", "DEBIAN_DSA-1796.NASL", "FREEBSD_PKG_6A245F31425411DEB67A0030843D3802.NASL", "MANDRIVA_MDVSA-2009-106.NASL", "FEDORA_2009-5518.NASL", "SL_20090430_LIBWMF_ON_SL4_X.NASL", "FEDORA_2009-5524.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:63909", "OPENVAS:64126", "OPENVAS:64092", "OPENVAS:64364", "OPENVAS:136141256231064126", "OPENVAS:64002", "OPENVAS:136141256231063909", "OPENVAS:64014", "OPENVAS:136141256231064093", "OPENVAS:136141256231064076"]}, {"type": "archlinux", "idList": ["ASA-201701-1"]}, {"type": "kitploit", "idList": ["KITPLOIT:2973941148692546578"]}], "modified": "2018-04-06T11:38:07", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "136141256231064364", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libwmf bundles an old GD version which contains a 'use-after-free'\n vulnerability.\";\ntag_solution = \"All libwmf users should upgrade to the latest version which no longer\n builds the GD library:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=268161\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-01.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64364\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200907-01 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libwmf\", unaffected: make_list(\"ge 0.2.8.4-r3\"), vulnerable: make_list(\"lt 0.2.8.4-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:54:13", "description": "Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 3, "cvss3": {}, "published": "2009-05-01T17:30:00", "title": "CVE-2009-1364", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1364"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:francis_james_franklin:libwmf:0.2.8.4", "cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2009-1364", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1364", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:francis_james_franklin:libwmf:0.2.8.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:31:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "Tavis Ormandy discovered that libwmf incorrectly used memory after it had \nbeen freed when using its embedded GD library. If a user or automated \nsystem were tricked into opening a crafted WMF file, an attacker could \ncause a denial of service or execute arbitrary code with privileges of the \nuser invoking the program.", "edition": 5, "modified": "2009-05-04T00:00:00", "published": "2009-05-04T00:00:00", "id": "USN-769-1", "href": "https://ubuntu.com/security/notices/USN-769-1", "title": "libwmf vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:01", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0457\n\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library embedded\nin libwmf. An attacker could create a specially-crafted WMF file that would\ncause an application using libwmf to crash or, potentially, execute\narbitrary code as the user running the application when opened by a victim.\n(CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in libwmf.\nIt does not affect the GD graphics library from the \"gd\" packages, or\napplications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team for\nresponsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, all applications using libwmf must be restarted for the update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027879.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027881.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027909.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027910.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027960.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027961.html\n\n**Affected packages:**\nlibwmf\nlibwmf-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0457.html", "edition": 4, "modified": "2009-05-22T22:17:52", "published": "2009-05-03T12:26:02", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/027879.html", "id": "CESA-2009:0457", "title": "libwmf security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:19", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1796-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nApril 7th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libwmf\nVulnerability : pointer use-after-free\nProblem type : local (remote)\nDebian-specific: no\nDebian bug : 526434\nCVE ID : CVE-2009-1364\n\n\nTavis Ormandy discovered that the embedded GD library copy in libwmf,\na library to parse windows metafiles (WMF), makes use of a pointer\nafter it was already freed. An attacker using a crafted WMF file can\ncause a denial of service or possibly the execute arbitrary code via\napplications using this library.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.2.8.4-2+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.2.8.4-6+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.2.8.4-6.1.\n\n\nWe recommend that you upgrade your libwmf packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.diff.gz\n Size/MD5 checksum: 7644 2b4fed248a00761fd52d0121b1a85bc3\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.dsc\n Size/MD5 checksum: 777 3cee5266c519e54d0da6af8e7bfce4fb\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz\n Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-2+etch1_all.deb\n Size/MD5 checksum: 285000 dad2e5a29f12e8eb1044aa0e8711f9ca\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_alpha.deb\n Size/MD5 checksum: 20778 cb687c76275147f88647cc66432c7e19\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_alpha.deb\n Size/MD5 checksum: 266074 b339918318e45eb257f17a118189ce84\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_alpha.deb\n Size/MD5 checksum: 202096 d17c7648e7a36c487cc350a2337a9895\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_amd64.deb\n Size/MD5 checksum: 18236 c297e08f3ef5b051539e953e86c079ef\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_amd64.deb\n Size/MD5 checksum: 181534 84d6098d1c8664b140af1133a2131a21\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_amd64.deb\n Size/MD5 checksum: 207970 38bb87b9709162127b1781f1f94faabd\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_arm.deb\n Size/MD5 checksum: 17282 babef9667a9f4b08caefd35768a3a46d\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_arm.deb\n Size/MD5 checksum: 193728 e746d7645a15cd86949b100cdf45b40d\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_arm.deb\n Size/MD5 checksum: 171004 5a3619cbce2f2a5c372b95264b89deeb\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_hppa.deb\n Size/MD5 checksum: 233692 cd29f5b00baf76ff13024fbb86f6d9e3\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_hppa.deb\n Size/MD5 checksum: 199222 8065d7a00098dc8369db734a05b9c17f\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_hppa.deb\n Size/MD5 checksum: 20012 248ff058981781eb05dd840e267be350\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_i386.deb\n Size/MD5 checksum: 16972 6c9b82eb6ec8bae312e3b9560287f128\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_i386.deb\n Size/MD5 checksum: 173774 574bd6bfae2c31dd6b327adbc3f8198e\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_i386.deb\n Size/MD5 checksum: 196458 fd9303e305f980531f7189bde27cf9d2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_ia64.deb\n Size/MD5 checksum: 302452 52a71013e006a01c8c9fa9812dcbbce8\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_ia64.deb\n Size/MD5 checksum: 26150 8d4c7ca669c634d5a4a0c038f603f8b8\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_ia64.deb\n Size/MD5 checksum: 264844 21f1ff094fd730d04e7e2b4377b874f6\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_mips.deb\n Size/MD5 checksum: 229336 d52a35cbfe9b5bc6791f43b894f6bda8\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_mips.deb\n Size/MD5 checksum: 176096 5dc5d4b8417ddcdca85ccac83c7072ef\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_mips.deb\n Size/MD5 checksum: 18994 80122014dde275e45efb64b4451603e8\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_powerpc.deb\n Size/MD5 checksum: 186686 bce7bb5a7b7a8d6593a4273d2e3e4c7b\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_powerpc.deb\n Size/MD5 checksum: 207140 10bbafbc62f653e29b2f8c88bbdd9b02\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_powerpc.deb\n Size/MD5 checksum: 22900 543ae9e4df3d297121f899b634636713\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_s390.deb\n Size/MD5 checksum: 18116 1206f23d337f638a7bf405fae7f9a7a1\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_s390.deb\n Size/MD5 checksum: 203422 4d8465b694e76c2b5a58d3787b4914c6\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_s390.deb\n Size/MD5 checksum: 183234 639d7e103590d7688224d9f5502126b0\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_sparc.deb\n Size/MD5 checksum: 173576 4d7b14354b5c143ed4fa096bbcb1a752\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_sparc.deb\n Size/MD5 checksum: 203976 f319ee7010a0efd187db5023359a8beb\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_sparc.deb\n Size/MD5 checksum: 17268 bb5de5301730ce0cd417e6e945838512\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.diff.gz\n Size/MD5 checksum: 7894 4f82263c3909e9b63e0cbc7ed10e997d\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz\n Size/MD5 checksum: 2169375 d1177739bf1ceb07f57421f0cee191e0\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.dsc\n Size/MD5 checksum: 1195 ca8aa8b0ca3a03408032af1ff3882569\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-6+lenny1_all.deb\n Size/MD5 checksum: 285920 c5388d928771785efcbf9cecb6c589a1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_alpha.deb\n Size/MD5 checksum: 20598 d06f257a8d9ac39374bd69327bb44856\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_alpha.deb\n Size/MD5 checksum: 263434 8daea32a448767b08e888f051dcc95f7\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_alpha.deb\n Size/MD5 checksum: 203738 e9ac47fa10381c5510c5ace60b920c1a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_amd64.deb\n Size/MD5 checksum: 18992 49529a2273c18658ed927016b33e0ff5\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_amd64.deb\n Size/MD5 checksum: 186908 79c5cf0608709bb8a8e52547a050e94c\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_amd64.deb\n Size/MD5 checksum: 210036 b933a8713fee44409613401692602bc9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_arm.deb\n Size/MD5 checksum: 16936 de40799cfcd047a65470c67d90c99996\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_arm.deb\n Size/MD5 checksum: 173436 7ac2f9516551b7e87c58e9b3c90c4aae\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_arm.deb\n Size/MD5 checksum: 193904 70ff03d5f3353a7921b9e64a7d575865\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_armel.deb\n Size/MD5 checksum: 181438 af85015b825f8ff0afe5013b9198f612\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_armel.deb\n Size/MD5 checksum: 18334 5b6ebb4cf15385f5ee4cb5994ceca5e0\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_armel.deb\n Size/MD5 checksum: 199168 ac0f164a3f1cb5773351026db81c3b4a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_hppa.deb\n Size/MD5 checksum: 19770 3bef399e7872f710e425bd4f9e4327a6\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_hppa.deb\n Size/MD5 checksum: 201662 faf3930f62f1e8040b98df980e011b57\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_hppa.deb\n Size/MD5 checksum: 236120 f92e57dfc0f888949f2d54f6ee9687a1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_i386.deb\n Size/MD5 checksum: 176452 a70ddf1417312c0acad56e05403b8875\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_i386.deb\n Size/MD5 checksum: 194024 f3d7fb16b81a8df01eccb01dfce91cc4\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_i386.deb\n Size/MD5 checksum: 16928 572efd6f96ec0aad181fea0ba46e96f2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_ia64.deb\n Size/MD5 checksum: 25766 6dc665e9ced6a39c279eb93abcf1469f\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_ia64.deb\n Size/MD5 checksum: 304474 60d47ed04099d9128c255097536b59fd\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_ia64.deb\n Size/MD5 checksum: 270232 6e92952dc90896353b46392f2a5d0edb\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mips.deb\n Size/MD5 checksum: 18192 c962575a11e80c524148034e335c02b3\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mips.deb\n Size/MD5 checksum: 229846 23e8811e367af817997a8dc2c87f45c7\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mips.deb\n Size/MD5 checksum: 179160 907f41074981099e5b970ba373770483\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mipsel.deb\n Size/MD5 checksum: 223738 d719ba660f5a356e982fd173f51bcf73\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mipsel.deb\n Size/MD5 checksum: 17854 8f1b053ebe04427d7ecdbad974865302\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mipsel.deb\n Size/MD5 checksum: 180004 4effa6b4a227d70e574106d88150660d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_powerpc.deb\n Size/MD5 checksum: 214354 e7433c7790e0b0456c415d84c9dd7cd2\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_powerpc.deb\n Size/MD5 checksum: 27392 7282af7c836ee8c2339e48f04885e955\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_powerpc.deb\n Size/MD5 checksum: 196128 61d4022bd0ac9028e6fac9b8521a3fd3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_s390.deb\n Size/MD5 checksum: 203604 6195247347970250b62101f6b798409b\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_s390.deb\n Size/MD5 checksum: 18624 3c2be19a55bb550e1a6383b93f0eda9e\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_s390.deb\n Size/MD5 checksum: 186986 17b24ed61aea2f6153f700378d512e02\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_sparc.deb\n Size/MD5 checksum: 177318 02b2b31bb88340a03e58ad679370e3aa\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_sparc.deb\n Size/MD5 checksum: 200278 9e0041b2d3b87acfbcf9fd1790677859\n http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_sparc.deb\n Size/MD5 checksum: 17748 5f0f3860c1af2bba8e6a77cb9ed67cca\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-05-07T21:24:48", "published": "2009-05-07T21:24:48", "id": "DEBIAN:DSA-1796-1:91372", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00107.html", "title": "[SECURITY] [DSA 1796-1] New libwmf packages fix denial of service", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-1364"], "description": "Use of freed memory on WMF file proceeing.", "edition": 1, "modified": "2009-05-04T00:00:00", "published": "2009-05-04T00:00:00", "id": "SECURITYVULNS:VULN:9890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9890", "title": "libwmf use-after-free vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1364"], "description": "===========================================================\r\nUbuntu Security Notice USN-769-1 May 04, 2009\r\nlibwmf vulnerability\r\nCVE-2009-1364\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libwmf0.2-7 0.2.8.3-3.1ubuntu0.2\r\n\r\nUbuntu 8.04 LTS:\r\n libwmf0.2-7 0.2.8.4-6ubuntu0.8.04.1\r\n\r\nUbuntu 8.10:\r\n libwmf0.2-7 0.2.8.4-6ubuntu0.8.10.1\r\n\r\nUbuntu 9.04:\r\n libwmf0.2-7 0.2.8.4-6ubuntu1.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nTavis Ormandy discovered that libwmf incorrectly used memory after it had\r\nbeen freed when using its embedded GD library. If a user or automated\r\nsystem were tricked into opening a crafted WMF file, an attacker could\r\ncause a denial of service or execute arbitrary code with privileges of the\r\nuser invoking the program.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.2.diff.gz\r\n Size/MD5: 7548 1693ed2495751dcd73fc8e7831e0f7b3\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.2.dsc\r\n Size/MD5: 793 2ddea51c8941c40224ecbf1be95acbc7\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz\r\n Size/MD5: 1737021 c7246bb724664189ade7895547387e6a\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.2_all.deb\r\n Size/MD5: 271716 96e8d4db4814825634dd6405cd32e661\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_amd64.deb\r\n Size/MD5: 207388 b9592ee21a871f90c618ccb4e309fceb\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_amd64.deb\r\n Size/MD5: 182416 d8d8bf445c26d45277150e63f3e07e0f\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_amd64.deb\r\n Size/MD5: 17944 4dd4b1fcd5e2cf58edd55559261a8893\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_i386.deb\r\n Size/MD5: 186190 b50a22929e5c58d64dddfd1dc5759c35\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_i386.deb\r\n Size/MD5: 167294 8eb6710e251969c670919faf0ac0d316\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_i386.deb\r\n Size/MD5: 16286 ac1b771cbab2ec97903515fcc0d502ef\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_powerpc.deb\r\n Size/MD5: 207382 17861a22d0b851f3ae565050d6b5f944\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_powerpc.deb\r\n Size/MD5: 186342 1cdc9f3177873d0991df70dd94274164\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_powerpc.deb\r\n Size/MD5: 23136 1f88bd61ca71dc25c811eb87019e5318\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_sparc.deb\r\n Size/MD5: 202306 36a414f896e6b9c0cd85fb80adcdc3a2\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_sparc.deb\r\n Size/MD5: 176046 ea143767a8b47e38c705d7f63514eb38\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_sparc.deb\r\n Size/MD5: 17062 ba9845b780219b6280d245df9871dcae\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.04.1.diff.gz\r\n Size/MD5: 7945 db9719db8b4185a2dc1dfd9c7502a840\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.04.1.dsc\r\n Size/MD5: 897 aa5a40fac6d3a20e262b676a6ffb9905\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz\r\n Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu0.8.04.1_all.deb\r\n Size/MD5: 271782 067cc55b9a443ccb54640265c83d2713\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 204758 8d00854e0f547a1ba43a6273d989753e\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 182500 8f982b8f49392e464d8ee6dfcf5c7d45\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 18628 8bd56a6e3c735459894df6d35cca5069\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 190508 8719abb2577f1e835809901d278a1cc3\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 174632 f0c237795563bc56e93a30b2420be5d8\r\n http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 16854 51f4fa4bdea92af7adc8414d77c4f940\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 190544 0be66144da34d745b6a205e39acf6b8d\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 175152 6e321d7e9535b094a49cda9cca39cd98\r\n http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 16912 4ff571582af7b37e8bbf69c410e174e4\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 208426 3f9a023a87a4b83cb773892caabd0995\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 193284 53296daa6fee0c24910bccf542aeab5c\r\n http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 26614 d5f2e2ba285723762a04276cdd7788bf\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 198188 541e5763f6b8c93e5c7fd3ad4c5036dd\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 174884 3a7230c7e0a3ee6c4d338bbbfc51b8d6\r\n http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 18216 9a1750b1705281550cc63b12263122eb\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.10.1.diff.gz\r\n Size/MD5: 7947 3d9209546d67ea082b3f0bbfed1eda90\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.10.1.dsc\r\n Size/MD5: 1307 8e55c1cd1eebccde6dddbe717edbea01\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz\r\n Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu0.8.10.1_all.deb\r\n Size/MD5: 271786 3ca10a1afb13e2c4869b3a61ccca2f9c\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_amd64.deb\r\n Size/MD5: 18226 3ff0320cac60266fbede66a12d94e722\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_amd64.deb\r\n Size/MD5: 207528 c8080917e04e780dcb7949b942315fcf\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_amd64.deb\r\n Size/MD5: 185396 dd4b18c6101536755ec2059fa9ace7d7\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_i386.deb\r\n Size/MD5: 16320 3e4ea0e6701bb7c1b361f400a197789e\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_i386.deb\r\n Size/MD5: 191792 7f2520ac7a4df757be3fac75aa1f8b3d\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_i386.deb\r\n Size/MD5: 175384 0688b920531b4bc30622df181049a969\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_lpia.deb\r\n Size/MD5: 16296 3ab52a223003ac3f1f75b15bbe94c2c7\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_lpia.deb\r\n Size/MD5: 192812 2c3bb8fdd898b2ea244835aac37bf91e\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_lpia.deb\r\n Size/MD5: 175724 8a8a91ff084707ffc2c188ed82abaf9b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb\r\n Size/MD5: 24438 dea1c25c5743967ac2e9bc720a5b53d0\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb\r\n Size/MD5: 210326 c972df4317570606da04f5037669f69d\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb\r\n Size/MD5: 195412 bf27b10058ad33b9d7070cecfd10cc9a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_sparc.deb\r\n Size/MD5: 18292 312e37cc9675e1c5ce1982b0d3d9c2f0\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_sparc.deb\r\n Size/MD5: 201314 2fc36c07e6f7a7bb9412b814d79c3e09\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_sparc.deb\r\n Size/MD5: 176600 f078e4b862815fff7c26dfd3c952af3b\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu1.1.diff.gz\r\n Size/MD5: 8054 75778c8b1637e8105a7d57c22f10fb1d\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu1.1.dsc\r\n Size/MD5: 1304 73331bc4957b531fa309e4defaaa61e8\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz\r\n Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu1.1_all.deb\r\n Size/MD5: 271766 85012965dbe448e39dbd770149873231\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_amd64.deb\r\n Size/MD5: 18224 9dabf870549fe87e2a07a0c5169ef858\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_amd64.deb\r\n Size/MD5: 207486 953705c1d863cfb6e35d26cb8f14c9ee\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_amd64.deb\r\n Size/MD5: 20924 1176ff52c290e7e6237416b3f8f11d53\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_amd64.deb\r\n Size/MD5: 182256 b9e6cdd69feb940940d2913d73b9beb9\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_i386.deb\r\n Size/MD5: 16326 6dd791cdcf2a5e80231d7175c82dc0fe\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_i386.deb\r\n Size/MD5: 191744 e5ecc9eab79e93ec0a8cac1662367a9c\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_i386.deb\r\n Size/MD5: 20688 43cdff77db7b69642d3f30b3eea62f3b\r\n http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_i386.deb\r\n Size/MD5: 172432 06df097a479c63b16c5e2d3055e1b9f4\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_lpia.deb\r\n Size/MD5: 16286 b6a14684d53478a10c5d5806bf9c4510\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_lpia.deb\r\n Size/MD5: 192746 7955ed46b6fd5016da6cdaee7f9f3a2a\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_lpia.deb\r\n Size/MD5: 20602 8cd2b29d7615c83af5f11cd37d880cdc\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_lpia.deb\r\n Size/MD5: 172836 81098a45b48473a75c485c184d9598c0\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_powerpc.deb\r\n Size/MD5: 24434 3f8a54144a10505439d5aade24cf0b23\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_powerpc.deb\r\n Size/MD5: 210282 7b74e82b61c5d893090d2ed2086104a6\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_powerpc.deb\r\n Size/MD5: 23020 65e66a2944b5d0e0837d1a4c23e06ff6\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_powerpc.deb\r\n Size/MD5: 190446 2882b245d28ea23d20e25fad7b0757e1\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_sparc.deb\r\n Size/MD5: 18302 5abf22e780e2c61d4c9e0ad14b0f9673\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_sparc.deb\r\n Size/MD5: 201282 e2933a793e52b2e4e70dff1b8c8d5cdb\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_sparc.deb\r\n Size/MD5: 20586 170e140a012c02e8558cc0af5f240210\r\n http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_sparc.deb\r\n Size/MD5: 173658 1eff93e12e2af48c8b2c38507c22371a\r\n\r\n", "edition": 1, "modified": "2009-05-04T00:00:00", "published": "2009-05-04T00:00:00", "id": "SECURITYVULNS:DOC:21768", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21768", "title": "[USN-769-1] libwmf vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "\nSecunia reports:\n\nA vulnerability has been reported in libwmf, which can be exploited\n\t by malicious people to cause a DoS (Denial of Service) or compromise\n\t an application using the library.\nThe vulnerability is caused due to a use-after-free error within the\n\t embedded GD library, which can be exploited to cause a crash or\n\t potentially to execute arbitrary code via a specially crafted WMF\n\t file.\n\n", "edition": 4, "modified": "2009-05-05T00:00:00", "published": "2009-05-05T00:00:00", "id": "6A245F31-4254-11DE-B67A-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/6a245f31-4254-11de-b67a-0030843d3802.html", "title": "libwmf -- embedded GD library Use-After-Free vulnerability", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "### Background\n\nlibwmf is a library for converting WMF files. \n\n### Description\n\nThe embedded fork of the GD library introduced a \"use-after-free\" vulnerability in a modification which is specific to libwmf. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libwmf users should upgrade to the latest version which no longer builds the GD library: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libwmf-0.2.8.4-r3\"", "edition": 1, "modified": "2009-07-02T00:00:00", "published": "2009-07-02T00:00:00", "id": "GLSA-200907-01", "href": "https://security.gentoo.org/glsa/200907-01", "type": "gentoo", "title": "libwmf: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "[0.2.8.4-10.2]\n- Resolves: rhbz#497511 CVE-2009-1364 bad realloc", "edition": 4, "modified": "2009-04-30T00:00:00", "published": "2009-04-30T00:00:00", "id": "ELSA-2009-0457", "href": "http://linux.oracle.com/errata/ELSA-2009-0457.html", "title": "libwmf security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "A library for reading and converting Windows MetaFile vector graphics (WMF). ", "modified": "2009-05-27T19:04:47", "published": "2009-05-27T19:04:47", "id": "FEDORA:1E0BA10F897", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: libwmf-0.2.8.4-18.1.fc9", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "A library for reading and converting Windows MetaFile vector graphics (WMF). ", "modified": "2009-05-27T19:04:02", "published": "2009-05-27T19:04:02", "id": "FEDORA:7222710F85A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libwmf-0.2.8.4-18.1.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "A library for reading and converting Windows MetaFile vector graphics (WMF). ", "modified": "2009-05-27T19:03:27", "published": "2009-05-27T19:03:27", "id": "FEDORA:C962310F87F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libwmf-0.2.8.4-20.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1364"], "description": "libwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library embedded\nin libwmf. An attacker could create a specially-crafted WMF file that would\ncause an application using libwmf to crash or, potentially, execute\narbitrary code as the user running the application when opened by a victim.\n(CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in libwmf.\nIt does not affect the GD graphics library from the \"gd\" packages, or\napplications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team for\nresponsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, all applications using libwmf must be restarted for the update\nto take effect.", "modified": "2017-09-08T11:47:50", "published": "2009-04-30T04:00:00", "id": "RHSA-2009:0457", "href": "https://access.redhat.com/errata/RHSA-2009:0457", "type": "redhat", "title": "(RHSA-2009:0457) Moderate: libwmf security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-04-06T11:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:136141256231064002", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064002", "type": "openvas", "title": "FreeBSD Ports: libwmf", "sourceData": "#\n#VID 6a245f31-4254-11de-b67a-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 6a245f31-4254-11de-b67a-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libwmf\n\nCVE-2009-1364\nUse-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\ncrafted WMF file.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=496864\nhttps://rhn.redhat.com/errata/RHSA-2009-0457.html\nhttp://secunia.com/advisories/34901/\nhttp://www.vuxml.org/freebsd/6a245f31-4254-11de-b67a-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64002\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: libwmf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libwmf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.8.4_3\")<0) {\n txt += 'Package libwmf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing updates to libwmf announced in\nadvisory CESA-2009:0457.", "modified": "2017-07-10T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:64014", "href": "http://plugins.openvas.org/nasl.php?oid=64014", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0457 (libwmf)", "sourceData": "#CESA-2009:0457 64014 6\n# $Id: ovcesa2009_0457.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0457 (libwmf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0457\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0457\nhttps://rhn.redhat.com/errata/RHSA-2009-0457.html\";\ntag_summary = \"The remote host is missing updates to libwmf announced in\nadvisory CESA-2009:0457.\";\n\n\n\nif(description)\n{\n script_id(64014);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0457 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~10.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~10.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.3~5.8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.3~5.8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0457.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library embedded\nin libwmf. An attacker could create a specially-crafted WMF file that would\ncause an application using libwmf to crash or, potentially, execute\narbitrary code as the user running the application when opened by a victim.\n(CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in libwmf.\nIt does not affect the GD graphics library from the gd packages, or\napplications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team for\nresponsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, all applications using libwmf must be restarted for the update\nto take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:136141256231063909", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063909", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0457", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0457.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0457 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0457.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library embedded\nin libwmf. An attacker could create a specially-crafted WMF file that would\ncause an application using libwmf to crash or, potentially, execute\narbitrary code as the user running the application when opened by a victim.\n(CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in libwmf.\nIt does not affect the GD graphics library from the gd packages, or\napplications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team for\nresponsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, all applications using libwmf must be restarted for the update\nto take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63909\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0457\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0457.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.3~5.8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.3~5.8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.3~5.8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~10.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~10.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~10.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to libwmf\nannounced via advisory MDVSA-2009:106.", "modified": "2017-07-06T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64126", "href": "http://plugins.openvas.org/nasl.php?oid=64126", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:106 (libwmf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_106.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:106 (libwmf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Use-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a crafted\nWMF file (CVE-2009-1364).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:106\";\ntag_summary = \"The remote host is missing an update to libwmf\nannounced via advisory MDVSA-2009:106.\";\n\n \n\nif(description)\n{\n script_id(64126);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:106 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7\", rpm:\"libwmf0.2_7~0.2.8.4~16.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7-devel\", rpm:\"libwmf0.2_7-devel~0.2.8.4~16.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~16.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7\", rpm:\"lib64wmf0.2_7~0.2.8.4~16.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7-devel\", rpm:\"lib64wmf0.2_7-devel~0.2.8.4~16.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7\", rpm:\"libwmf0.2_7~0.2.8.4~17.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7-devel\", rpm:\"libwmf0.2_7-devel~0.2.8.4~17.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~17.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7\", rpm:\"lib64wmf0.2_7~0.2.8.4~17.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7-devel\", rpm:\"lib64wmf0.2_7-devel~0.2.8.4~17.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7\", rpm:\"libwmf0.2_7~0.2.8.4~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7-devel\", rpm:\"libwmf0.2_7-devel~0.2.8.4~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7\", rpm:\"lib64wmf0.2_7~0.2.8.4~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7-devel\", rpm:\"lib64wmf0.2_7-devel~0.2.8.4~17.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7\", rpm:\"libwmf0.2_7~0.2.8~6.6.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7-devel\", rpm:\"libwmf0.2_7-devel~0.2.8~6.6.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8~6.6.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7\", rpm:\"lib64wmf0.2_7~0.2.8~6.6.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7-devel\", rpm:\"lib64wmf0.2_7-devel~0.2.8~6.6.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7\", rpm:\"libwmf0.2_7~0.2.8.3~6.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf0.2_7-devel\", rpm:\"libwmf0.2_7-devel~0.2.8.3~6.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.3~6.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7\", rpm:\"lib64wmf0.2_7~0.2.8.3~6.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64wmf0.2_7-devel\", rpm:\"lib64wmf0.2_7-devel~0.2.8.3~6.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:64002", "href": "http://plugins.openvas.org/nasl.php?oid=64002", "type": "openvas", "title": "FreeBSD Ports: libwmf", "sourceData": "#\n#VID 6a245f31-4254-11de-b67a-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 6a245f31-4254-11de-b67a-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libwmf\n\nCVE-2009-1364\nUse-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\ncrafted WMF file.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=496864\nhttps://rhn.redhat.com/errata/RHSA-2009-0457.html\nhttp://secunia.com/advisories/34901/\nhttp://www.vuxml.org/freebsd/6a245f31-4254-11de-b67a-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64002);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: libwmf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libwmf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.8.4_3\")<0) {\n txt += 'Package libwmf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "Check for the Version of libwmf", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880898", "href": "http://plugins.openvas.org/nasl.php?oid=880898", "type": "openvas", "title": "CentOS Update for libwmf CESA-2009:0457 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libwmf CESA-2009:0457 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libwmf is a library for reading and converting Windows Metafile Format\n (WMF) vector graphics. libwmf is used by applications such as GIMP and\n ImageMagick.\n\n A pointer use-after-free flaw was found in the GD graphics library embedded\n in libwmf. An attacker could create a specially-crafted WMF file that would\n cause an application using libwmf to crash or, potentially, execute\n arbitrary code as the user running the application when opened by a victim.\n (CVE-2009-1364)\n \n Note: This flaw is specific to the GD graphics library embedded in libwmf.\n It does not affect the GD graphics library from the "gd" packages, or\n applications using it.\n \n Red Hat would like to thank Tavis Ormandy of the Google Security Team for\n responsibly reporting this flaw.\n \n All users of libwmf are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. After installing the\n update, all applications using libwmf must be restarted for the update\n to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libwmf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015922.html\");\n script_id(880898);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0457\");\n script_cve_id(\"CVE-2009-1364\");\n script_name(\"CentOS Update for libwmf CESA-2009:0457 centos4 i386\");\n\n script_summary(\"Check for the Version of libwmf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.3~5.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.3~5.8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5517.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:136141256231064076", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064076", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5517 (libwmf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5517.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5517 (libwmf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A library for reading and converting Windows MetaFile vector graphics (WMF).\n\nUpdate Information:\n\nCVE-2009-1364 libwmf: embedded gd use-after-free error\n\nChangeLog:\n\n* Tue May 26 2009 Caol\u00e1n McNamara - 0.2.8.4-18.1\n- Resolves: CVE-2009-1364\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libwmf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5517\";\ntag_summary = \"The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5517.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64076\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5517 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5517.", "modified": "2017-07-10T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64076", "href": "http://plugins.openvas.org/nasl.php?oid=64076", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5517 (libwmf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5517.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5517 (libwmf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A library for reading and converting Windows MetaFile vector graphics (WMF).\n\nUpdate Information:\n\nCVE-2009-1364 libwmf: embedded gd use-after-free error\n\nChangeLog:\n\n* Tue May 26 2009 Caol\u00e1n McNamara - 0.2.8.4-18.1\n- Resolves: CVE-2009-1364\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libwmf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5517\";\ntag_summary = \"The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5517.\";\n\n\n\nif(description)\n{\n script_id(64076);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5517 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~18.1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5524.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:136141256231064093", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064093", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-5524 (libwmf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5524.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5524 (libwmf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A library for reading and converting Windows MetaFile vector graphics (WMF).\n\nUpdate Information:\n\nCVE-2009-1364 libwmf: embedded gd use-after-free error\n\nChangeLog:\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update libwmf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5524\";\ntag_summary = \"The remote host is missing an update to libwmf\nannounced via advisory FEDORA-2009-5524.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64093\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-5524 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libwmf\", rpm:\"libwmf~0.2.8.4~18.1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-devel\", rpm:\"libwmf-devel~0.2.8.4~18.1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-lite\", rpm:\"libwmf-lite~0.2.8.4~18.1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwmf-debuginfo\", rpm:\"libwmf-debuginfo~0.2.8.4~18.1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-01.", "modified": "2017-07-07T00:00:00", "published": "2009-07-06T00:00:00", "id": "OPENVAS:64364", "href": "http://plugins.openvas.org/nasl.php?oid=64364", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-01 (libwmf)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libwmf bundles an old GD version which contains a 'use-after-free'\n vulnerability.\";\ntag_solution = \"All libwmf users should upgrade to the latest version which no longer\n builds the GD library:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=268161\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-01.\";\n\n \n \n\nif(description)\n{\n script_id(64364);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)\");\n script_cve_id(\"CVE-2009-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200907-01 (libwmf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libwmf\", unaffected: make_list(\"ge 0.2.8.4-r3\"), vulnerable: make_list(\"lt 0.2.8.4-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:32", "description": "The remote host is affected by the vulnerability described in GLSA-200907-01\n(libwmf: User-assisted execution of arbitrary code)\n\n The embedded fork of the GD library introduced a 'use-after-free'\n vulnerability in a modification which is specific to libwmf.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted WMF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2009-07-03T00:00:00", "title": "GLSA-200907-01 : libwmf: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-07-03T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libwmf"], "id": "GENTOO_GLSA-200907-01.NASL", "href": "https://www.tenable.com/plugins/nessus/39595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200907-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39595);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_xref(name:\"GLSA\", value:\"200907-01\");\n\n script_name(english:\"GLSA-200907-01 : libwmf: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200907-01\n(libwmf: User-assisted execution of arbitrary code)\n\n The embedded fork of the GD library introduced a 'use-after-free'\n vulnerability in a modification which is specific to libwmf.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted WMF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200907-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libwmf users should upgrade to the latest version which no longer\n builds the GD library:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libwmf-0.2.8.4-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libwmf\", unaffected:make_list(\"ge 0.2.8.4-r3\"), vulnerable:make_list(\"lt 0.2.8.4-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:52:46", "description": "A specially crafted WMF files could crash libwmf. (CVE-2009-1364)", "edition": 20, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libwmf (libwmf-821)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwmf-devel", "p-cpe:/a:novell:opensuse:libwmf", "p-cpe:/a:novell:opensuse:libwmf-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libwmf-gnome", "p-cpe:/a:novell:opensuse:libwmf-gnome-32bit"], "id": "SUSE_11_1_LIBWMF-090512.NASL", "href": "https://www.tenable.com/plugins/nessus/40273", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwmf-821.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40273);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-1364\");\n\n script_name(english:\"openSUSE Security Update : libwmf (libwmf-821)\");\n script_summary(english:\"Check for the libwmf-821 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"A specially crafted WMF files could crash libwmf. (CVE-2009-1364)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495842\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwmf-gnome-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libwmf-0.2.8.4-206.24.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libwmf-devel-0.2.8.4-206.24.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libwmf-gnome-0.2.8.4-206.24.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libwmf-32bit-0.2.8.4-206.24.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libwmf-gnome-32bit-0.2.8.4-206.24.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf / libwmf-32bit / libwmf-devel / libwmf-gnome / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:07", "description": "Use-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\ncrafted WMF file (CVE-2009-1364).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "edition": 24, "published": "2009-05-06T00:00:00", "title": "Mandriva Linux Security Advisory : libwmf (MDVSA-2009:106-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-05-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64wmf0.2_7-devel", "p-cpe:/a:mandriva:linux:libwmf0.2_7-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libwmf0.2_7", "p-cpe:/a:mandriva:linux:lib64wmf0.2_7", "p-cpe:/a:mandriva:linux:libwmf"], "id": "MANDRIVA_MDVSA-2009-106.NASL", "href": "https://www.tenable.com/plugins/nessus/38693", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:106. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38693);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_xref(name:\"MDVSA\", value:\"2009:106-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libwmf (MDVSA-2009:106-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\ncrafted WMF file (CVE-2009-1364).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wmf0.2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wmf0.2_7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwmf0.2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwmf0.2_7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wmf0.2_7-0.2.8.4-14.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64wmf0.2_7-devel-0.2.8.4-14.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libwmf-0.2.8.4-14.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwmf0.2_7-0.2.8.4-14.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libwmf0.2_7-devel-0.2.8.4-14.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:22", "description": "CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-05-28T00:00:00", "title": "Fedora 11 : libwmf-0.2.8.4-20.fc11 (2009-5518)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-05-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libwmf", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-5518.NASL", "href": "https://www.tenable.com/plugins/nessus/38934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5518.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38934);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_xref(name:\"FEDORA\", value:\"2009-5518\");\n\n script_name(english:\"Fedora 11 : libwmf-0.2.8.4-20.fc11 (2009-5518)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496864\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024164.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb0b8408\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libwmf-0.2.8.4-20.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:22", "description": "CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-05-28T00:00:00", "title": "Fedora 10 : libwmf-0.2.8.4-18.1.fc10 (2009-5524)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-05-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:libwmf"], "id": "FEDORA_2009-5524.NASL", "href": "https://www.tenable.com/plugins/nessus/38936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5524.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38936);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_xref(name:\"FEDORA\", value:\"2009-5524\");\n\n script_name(english:\"Fedora 10 : libwmf-0.2.8.4-18.1.fc10 (2009-5524)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496864\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adb8f014\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"libwmf-0.2.8.4-18.1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:22", "description": "CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-05-28T00:00:00", "title": "Fedora 9 : libwmf-0.2.8.4-18.1.fc9 (2009-5517)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-05-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libwmf", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-5517.NASL", "href": "https://www.tenable.com/plugins/nessus/38933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-5517.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38933);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_xref(name:\"FEDORA\", value:\"2009-5517\");\n\n script_name(english:\"Fedora 9 : libwmf-0.2.8.4-18.1.fc9 (2009-5517)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1364 libwmf: embedded gd use-after-free error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=496864\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024170.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5eb0c08f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"libwmf-0.2.8.4-18.1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:41", "description": "Updated libwmf packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in\nlibwmf. It does not affect the GD graphics library from the 'gd'\npackages, or applications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team\nfor responsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.", "edition": 27, "published": "2009-05-26T00:00:00", "title": "CentOS 4 / 5 : libwmf (CESA-2009:0457)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2009-05-26T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:libwmf-devel", "p-cpe:/a:centos:centos:libwmf", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0457.NASL", "href": "https://www.tenable.com/plugins/nessus/38900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0457 and \n# CentOS Errata and Security Advisory 2009:0457 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38900);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_xref(name:\"RHSA\", value:\"2009:0457\");\n\n script_name(english:\"CentOS 4 / 5 : libwmf (CESA-2009:0457)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libwmf packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in\nlibwmf. It does not affect the GD graphics library from the 'gd'\npackages, or applications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team\nfor responsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b3cc73f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015871.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf7e924a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015872.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdcd2517\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015922.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?026320c3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c499a1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"libwmf-0.2.8.3-5.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"libwmf-devel-0.2.8.3-5.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libwmf-0.2.8.4-10.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libwmf-devel-0.2.8.4-10.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf / libwmf-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:35:50", "description": "From Red Hat Security Advisory 2009:0457 :\n\nUpdated libwmf packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in\nlibwmf. It does not affect the GD graphics library from the 'gd'\npackages, or applications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team\nfor responsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : libwmf (ELSA-2009-0457)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libwmf", "p-cpe:/a:oracle:linux:libwmf-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-0457.NASL", "href": "https://www.tenable.com/plugins/nessus/67851", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0457 and \n# Oracle Linux Security Advisory ELSA-2009-0457 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67851);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_xref(name:\"RHSA\", value:\"2009:0457\");\n\n script_name(english:\"Oracle Linux 4 / 5 : libwmf (ELSA-2009-0457)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0457 :\n\nUpdated libwmf packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibwmf is a library for reading and converting Windows Metafile Format\n(WMF) vector graphics. libwmf is used by applications such as GIMP and\nImageMagick.\n\nA pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nNote: This flaw is specific to the GD graphics library embedded in\nlibwmf. It does not affect the GD graphics library from the 'gd'\npackages, or applications using it.\n\nRed Hat would like to thank Tavis Ormandy of the Google Security Team\nfor responsibly reporting this flaw.\n\nAll users of libwmf are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, all applications using libwmf must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000990.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000991.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwmf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libwmf-0.2.8.3-5.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libwmf-devel-0.2.8.3-5.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libwmf-0.2.8.4-10.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libwmf-devel-0.2.8.4-10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf / libwmf-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:33:17", "description": "A pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nAfter installing the update, all applications using libwmf must be\nrestarted for the update to take effect.", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090430_LIBWMF_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60578", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60578);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2009-1364\");\n\n script_name(english:\"Scientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A pointer use-after-free flaw was found in the GD graphics library\nembedded in libwmf. An attacker could create a specially crafted WMF\nfile that would cause an application using libwmf to crash or,\npotentially, execute arbitrary code as the user running the\napplication when opened by a victim. (CVE-2009-1364)\n\nAfter installing the update, all applications using libwmf must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=74\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?243f366c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwmf and / or libwmf-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"libwmf-0.2.8.3-5.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libwmf-devel-0.2.8.3-5.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libwmf-0.2.8.4-10.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libwmf-devel-0.2.8.4-10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:56:59", "description": "Tavis Ormandy discovered that libwmf incorrectly used memory after it\nhad been freed when using its embedded GD library. If a user or\nautomated system were tricked into opening a crafted WMF file, an\nattacker could cause a denial of service or execute arbitrary code\nwith privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-05-05T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libwmf vulnerability (USN-769-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1364"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwmf-dev", "p-cpe:/a:canonical:ubuntu_linux:libwmf-doc", "p-cpe:/a:canonical:ubuntu_linux:libwmf-bin", "p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7-gtk", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-769-1.NASL", "href": "https://www.tenable.com/plugins/nessus/38685", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-769-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38685);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2009-1364\");\n script_bugtraq_id(34792);\n script_xref(name:\"USN\", value:\"769-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libwmf vulnerability (USN-769-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered that libwmf incorrectly used memory after it\nhad been freed when using its embedded GD library. If a user or\nautomated system were tricked into opening a crafted WMF file, an\nattacker could cause a denial of service or execute arbitrary code\nwith privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/769-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwmf0.2-7-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libwmf-bin\", pkgver:\"0.2.8.3-3.1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libwmf-dev\", pkgver:\"0.2.8.3-3.1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libwmf-doc\", pkgver:\"0.2.8.3-3.1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.3-3.1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libwmf-bin\", pkgver:\"0.2.8.4-6ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libwmf-dev\", pkgver:\"0.2.8.4-6ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libwmf-doc\", pkgver:\"0.2.8.4-6ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-6ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libwmf-bin\", pkgver:\"0.2.8.4-6ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libwmf-dev\", pkgver:\"0.2.8.4-6ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libwmf-doc\", pkgver:\"0.2.8.4-6ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-6ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwmf-bin\", pkgver:\"0.2.8.4-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwmf-dev\", pkgver:\"0.2.8.4-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwmf-doc\", pkgver:\"0.2.8.4-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwmf0.2-7\", pkgver:\"0.2.8.4-6ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwmf0.2-7-gtk\", pkgver:\"0.2.8.4-6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwmf-bin / libwmf-dev / libwmf-doc / libwmf0.2-7 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3376", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3477", "CVE-2009-1364", "CVE-2009-3546", "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696", "CVE-2016-9011"], "description": "Arch Linux Security Advisory ASA-201701-1\n=========================================\n\nSeverity: Critical\nDate : 2017-01-01\nCVE-ID : CVE-2006-3376 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472\nCVE-2007-3473 CVE-2007-3477 CVE-2009-1364 CVE-2009-3546\nCVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696\nCVE-2016-9011\nPackage : libwmf\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-16\n\nSummary\n=======\n\nThe package libwmf before version 0.2.8.4-14 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 0.2.8.4-14.\n\n# pacman -Syu \"libwmf>=0.2.8.4-14\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2006-3376 (arbitrary code execution)\n\nInteger overflow in player.c in libwmf 0.2.8.4, as used in multiple\nproducts including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5)\nlibgsf, and (6) imagemagick allows remote attackers to execute\narbitrary code via the MaxRecordSize header field in a WMF file.\n\n- CVE-2007-0455 (arbitrary code execution)\n\nBuffer overflow in the gdImageStringFTEx function in gdft.c in GD\nGraphics Library 2.0.33 and earlier allows remote attackers to cause a\ndenial of service (application crash) and possibly execute arbitrary\ncode via a crafted string with a JIS encoded font.\n\n- CVE-2007-2756 (denial of service)\n\nThe gdPngReadData function in libgd 2.0.34 allows user-assisted\nattackers to cause a denial of service (CPU consumption) via a crafted\nPNG image with truncated data, which causes an infinite loop in the\npng_read_info function in libpng.\n\n- CVE-2007-3472 (denial of service)\n\nInteger overflow in gdImageCreateTrueColor function in the GD Graphics\nLibrary (libgd) before 2.0.35 allows user-assisted remote attackers to\nhave unspecified attack vectors and impact.\n\n- CVE-2007-3473 (denial of service)\n\nThe gdImageCreateXbm function in the GD Graphics Library (libgd) before\n2.0.35 allows user-assisted remote attackers to cause a denial of\nservice (crash) via unspecified vectors involving a gdImageCreate\nfailure.\n\n- CVE-2007-3477 (denial of service)\n\nThe (a) imagearc and (b) imagefilledarc functions in GD Graphics\nLibrary (libgd) before 2.0.35 allow attackers to cause a denial of\nservice (CPU consumption) via a large (1) start or (2) end angle degree\nvalue.\n\n- CVE-2009-1364 (arbitrary code execution)\n\nUse-after-free vulnerability in the embedded GD library in libwmf\n0.2.8.4 allows context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a crafted\nWMF file.\n\n- CVE-2009-3546 (arbitrary code execution)\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before\n5.3.1, and the GD Graphics Library 2.x, does not properly verify a\ncertain colorsTotal structure member, which might allow remote\nattackers to conduct buffer overflow or buffer over-read attacks via a\ncrafted GD file.\n\n- CVE-2015-0848 (arbitrary code execution)\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) containing BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code\nwith the privileges of the user running the application.\n\n- CVE-2015-4588 (arbitrary code execution)\n\nIt was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) with embedded BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code\nwith the privileges of the user running the application.\n\n- CVE-2015-4695 (arbitrary code execution)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash or execute arbitrary code with the\nprivileges of the user running the application.\n\n- CVE-2015-4696 (arbitrary code execution)\n\nIt was discovered that libwmf did not properly process certain WMF\nfiles. By tricking a victim into opening a specially crafted WMF file\nin an application using libwmf, a remote attacker could possibly\nexploit this flaw to cause a crash or execute arbitrary code with the\nprivileges of the user running the application.\n\n- CVE-2016-9011 (denial of service)\n\nA memory allocation failure in function wmf_malloc in api.c was\nreported in libwmf. Opening a maliciously crafted file could cause the\napplication to crash.\n\nImpact\n======\n\nA remote attacker is able to use specially crafted files to crash the\napplication or execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/49162\nhttp://www.openwall.com/lists/oss-security/2015/06/16/4\nhttps://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c\nhttps://security.archlinux.org/CVE-2006-3376\nhttps://security.archlinux.org/CVE-2007-0455\nhttps://security.archlinux.org/CVE-2007-2756\nhttps://security.archlinux.org/CVE-2007-3472\nhttps://security.archlinux.org/CVE-2007-3473\nhttps://security.archlinux.org/CVE-2007-3477\nhttps://security.archlinux.org/CVE-2009-1364\nhttps://security.archlinux.org/CVE-2009-3546\nhttps://security.archlinux.org/CVE-2015-0848\nhttps://security.archlinux.org/CVE-2015-4588\nhttps://security.archlinux.org/CVE-2015-4695\nhttps://security.archlinux.org/CVE-2015-4696\nhttps://security.archlinux.org/CVE-2016-9011", "modified": "2017-01-01T00:00:00", "published": "2017-01-01T00:00:00", "id": "ASA-201701-1", "href": "https://security.archlinux.org/ASA-201701-1", "type": "archlinux", "title": "[ASA-201701-1] libwmf: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2020-12-08T15:24:54", "bulletinFamily": "tools", "cvelist": ["CVE-2016-3622", "CVE-2009-3546", "CVE-2016-5314", "CVE-2016-7176", "CVE-2016-4476", "CVE-2016-7420", "CVE-2016-3623", "CVE-2016-6306", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-2183", "CVE-2016-3619", "CVE-2016-2178", "CVE-2016-5322", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-6302", "CVE-2016-3658", "CVE-2016-7177", "CVE-2016-3632", "CVE-2016-7180", "CVE-2016-2177", "CVE-2010-2596", "CVE-2016-7179", "CVE-2016-5104", "CVE-2016-3189", "CVE-2016-3620", "CVE-2015-8751", "CVE-2007-2756", "CVE-2016-6352", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-2180", "CVE-2016-5320", "CVE-2015-4695", "CVE-2007-3477", "CVE-2015-7313", "CVE-2016-3186", "CVE-2016-7175", "CVE-2016-5323", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-5315", "CVE-2014-8130", "CVE-2015-5203", "CVE-2015-7554", "CVE-2007-3472", "CVE-2016-3990", "CVE-2016-4477", "CVE-2016-3633", "CVE-2016-6223", "CVE-2007-0455", "CVE-2016-5317", "CVE-2016-3624", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-5221", "CVE-2016-6303", "CVE-2015-4696", "CVE-2016-5102", "CVE-2006-3376", "CVE-2016-2182", "CVE-2009-1364", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-2179", "CVE-2016-7178", "CVE-2015-0848"], "description": "[  ](<https://4.bp.blogspot.com/-Uf2o3nvS9iI/V-iDG8z9gdI/AAAAAAAAGNQ/lMp_2XaKabgLXdkrp0YBjUx8yOnf0IZzwCLcB/s1600/archlinux-logo-dark.png>)\n\n \nAn utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data \n \nUses data collected by the awesome [ Arch CVE Monitoring Team ](<https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team>) . \n \n** Installation ** \n \n** From AUR ** \nThe PKGBUILD is available [ on AUR ](<https://aur.archlinux.org/packages/arch-audit>) . \nAfter the installation just execute ` arch-audit ` . \n \n** From sources ** \n\n \n \n git clone https://github.com/ilpianista/arch-audit\n cd arch-audit\n cargo build\n cargo run\n\n \n** Example output ** \n\n \n \n $ arch-audit\n Package libwmf is affected by [\"CVE-2009-1364\", \"CVE-2006-3376\", \"CVE-2007-0455\", \"CVE-2007-2756\", \"CVE-2007-3472\", \"CVE-2007-3473\", \"CVE-2007-3477\", \"CVE-2009-3546\", \"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2016-5875\", \"CVE-2016-5314\", \"CVE-2016-5315\", \"CVE-2016-5316\", \"CVE-2016-5317\", \"CVE-2016-5320\", \"CVE-2016-5321\", \"CVE-2016-5322\", \"CVE-2016-5323\", \"CVE-2016-5102\", \"CVE-2016-3991\", \"CVE-2016-3990\", \"CVE-2016-3945\", \"CVE-2016-3658\", \"CVE-2016-3634\", \"CVE-2016-3633\", \"CVE-2016-3632\", \"CVE-2016-3631\", \"CVE-2016-3625\", \"CVE-2016-3624\", \"CVE-2016-3623\", \"CVE-2016-3622\", \"CVE-2016-3621\", \"CVE-2016-3620\", \"CVE-2016-3619\", \"CVE-2016-3186\", \"CVE-2015-8668\", \"CVE-2015-7313\", \"CVE-2014-8130\", \"CVE-2014-8127\", \"CVE-2010-2596\", \"CVE-2016-6223\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2015-7554\", \"CVE-2015-8683\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-8751\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5221\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5203\"]. VULNERABLE!\n Package lib32-openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1:1.0.2.i-1!\n Package wireshark-cli is affected by [\"CVE-2016-7180\", \"CVE-2016-7175\", \"CVE-2016-7176\", \"CVE-2016-7177\", \"CVE-2016-7178\", \"CVE-2016-7179\"]. Update to 2.2.0-1!\n Package wpa_supplicant is affected by [\"CVE-2016-4477\", \"CVE-2016-4476\"]. VULNERABLE!\n Package openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1.0.2.i-1!\n Package crypto++ is affected by [\"CVE-2016-7420\"]. VULNERABLE!\n Package bzip2 is affected by [\"CVE-2016-3189\"]. VULNERABLE!\n Package libimobiledevice is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package libusbmuxd is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package gdk-pixbuf2 is affected by [\"CVE-2016-6352\"]. VULNERABLE!\n \n $ arch-audit --upgradable --quiet\n wireshark-cli>=2.2.0-1\n openssl>=1.0.2.i-1\n lib32-openssl>=1:1.0.2.i-1\n \n $ arch-audit -uf \"%n|%c\"\n openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179\n lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n\n \n \n\n\n** [ Download arch-audit ](<https://github.com/ilpianista/arch-audit>) **\n", "edition": 18, "modified": "2016-10-15T14:30:02", "published": "2016-10-15T14:30:02", "id": "KITPLOIT:2973941148692546578", "href": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "title": "arch-audit - An utility like pkg-audit for Arch Linux", "type": "kitploit", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
