CVE-2015-0848

Опубликовано: 01 июн. 2015

Источник: redhat

CVSS2: 6.8

EPSS Низкий

Описание

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libwmf	Will not fix
Red Hat Enterprise Linux 6	libwmf	Fixed	RHSA-2015:1917	20.10.2015
Red Hat Enterprise Linux 7	libwmf	Fixed	RHSA-2015:1917	20.10.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1227243libwmf: heap overflow when decoding BMP images

EPSS

Процентиль: 89%

0.04681

Низкий

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2015-0848

ubuntu

больше 10 лет назад

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-0848

nvd

больше 10 лет назад

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-0848

debian

больше 10 лет назад

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers t ...

GHSA-8h7p-8xq5-x3gj

github

больше 3 лет назад

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

SUSE-SU-2015:1378-1

suse-cvrf

больше 10 лет назад

Security update for libwmf

EPSS

Процентиль: 89%

0.04681

Низкий

6.8 Medium

CVSS2