Errata ALT-PU-2017-2327-1: Information
Fixes
Published: July 1, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-0848
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
Severity: MEDIUM (6.8)
Links:
- [oss-security] 20150601 CVE-2015-0848 - Heap overflow on libwmf0.2-7
- FEDORA-2015-9674
- openSUSE-SU-2015:1134
- openSUSE-SU-2015:1132
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 74923
- GLSA-201602-03
- FEDORA-2015-14848
- RHSA-2015:1917
- FEDORA-2015-14847
- USN-2670-1
- DSA-3302
- openSUSE-SU-2015:1212
- 1032771
Published: July 1, 2015
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2015-4588
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
Severity: MEDIUM (6.8)
Links:
- [oss-security] 20150603 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- https://bugzilla.redhat.com/show_bug.cgi?id=1227243
- [oss-security] 20150615 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- FEDORA-2015-9674
- openSUSE-SU-2015:1134
- openSUSE-SU-2015:1132
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75230
- GLSA-201602-03
- RHSA-2015:1917
- USN-2670-1
- DSA-3302
- openSUSE-SU-2015:1212
- 1032771
Published: July 1, 2015
Modified: Sept. 22, 2017
Modified: Sept. 22, 2017
CVE-2015-4695
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
Severity: MEDIUM (5.0)
Links:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784205
- [oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- [oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75329
- GLSA-201602-03
- FEDORA-2015-10601
- RHSA-2015:1917
- USN-2670-1
- DSA-3302
- openSUSE-SU-2015:1212
- 1032771
Published: July 1, 2015
Modified: Sept. 22, 2017
Modified: Sept. 22, 2017
CVE-2015-4696
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
Severity: MEDIUM (4.3)
Links:
- [oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192
- [oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75331
- GLSA-201602-03
- FEDORA-2015-10601
- RHSA-2015:1917
- USN-2670-1
- DSA-3302
- openSUSE-SU-2015:1212
- 1032771
Published: March 23, 2017
Modified: March 27, 2017
Modified: March 27, 2017
CVE-2016-9011
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links: