6 matches found
CVE-2015-4588
CVE-2015-4588 is a heap-based buffer overflow in the DecodeImage function of libwmf 0.2.8.4. It allows remote attackers to crash or possibly execute arbitrary code via a crafted WMF image (embedded BMP run-length). Public advisories (Debian DSA-3302-1, CentOS/CESA-2015:1917, Fedora updates, ALAS-...
CVE-2015-4695
Summary (CVE-2015-4695) : libwmf 0.2.8.4 contains a flaw in meta.h that allows a remote attacker to trigger an out-of-bounds read via a crafted WMF file, potentially crashing the application or enabling arbitrary code execution. Impact and exploit details are consistently described across multipl...
CVE-2015-0848
CVE-2015-0848 affects libwmf (0.2.8.4). A heap-based buffer overflow occurs when processing WMF files with embedded BMP images, enabling remote attackers to crash or possibly execute arbitrary code. Public advisories/updates across distributions fix libwmf to newer releases (e.g., 0.2.8.4-14 and ...
CVE-2015-4696
CVE-2015-4696 is a use-after-free/processing flaw in libwmf 0.2.8.4 that can be triggered by opening specially crafted WMF files and may crash the application or allow arbitrary code execution via wmf2gd or wmf2eps. Multiple advisories (CentOS/CentOS-ASA, Debian DSA-3302, Red Hat/ALAS-604, Fedora...
CVE-2006-3376
CVE-2006-3376 is an integer overflow in libwmf 0.2.8.4 (and older) related to the MaxRecordSize header in WMF files that enables remote code execution or crash when processing crafted WMF data. Affected software range includes libwmf and its use in wv, abiword, freetype, gimp, libgsf, and imagema...
CVE-2016-9011
CVE-2016-9011 affects libwmf up to version 0.2.8.4, where the wmf_malloc function in api.c can fail memory allocation when processing a crafted WMF file. This can crash the targeted application (denial of service). The public description in the initial document specifies the vulnerability as a re...