Vulnerability CVE-2015-4696: Information

Description

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-4696
Published: July 1, 2015
Modified: Sept. 22, 2017

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libwmfsisyphus0.2.8.4-alt130.2.8.4-alt13ALT-PU-2017-2327-1188953Fixed
libwmfp100.2.8.4-alt130.2.8.4-alt13ALT-PU-2017-2327-1188953Fixed
libwmfp90.2.8.4-alt130.2.8.4-alt13ALT-PU-2017-2327-1188953Fixed
libwmfc10f10.2.8.4-alt130.2.8.4-alt13ALT-PU-2017-2327-1188953Fixed
libwmfc9f20.2.8.4-alt130.2.8.4-alt13ALT-PU-2017-2327-1188953Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192
    • Exploit
    [oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
      http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
        75331
          GLSA-201602-03
            FEDORA-2015-10601
              RHSA-2015:1917
                USN-2670-1
                  DSA-3302
                    openSUSE-SU-2015:1212
                      1032771

                          1. Configuration 1

                            cpe:2.3:a:wvware:libwmf:0.2.8.4:*:*:*:*:*:*:*
                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                        Version: v24.5.1
                        Back to top