CVE-2015-4696

Опубликовано: 03 мая 2015

Источник: redhat

CVSS2: 4

EPSS Низкий

Описание

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libwmf	Will not fix
Red Hat Enterprise Linux 6	libwmf	Fixed	RHSA-2015:1917	20.10.2015
Red Hat Enterprise Linux 7	libwmf	Fixed	RHSA-2015:1917	20.10.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1235669libwmf: use-after-free flaw in meta.h

EPSS

Процентиль: 83%

0.01958

Низкий

4 Medium

CVSS2

Связанные уязвимости

CVE-2015-4696

ubuntu

около 10 лет назад

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

CVE-2015-4696

nvd

около 10 лет назад

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

CVE-2015-4696

debian

около 10 лет назад

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers ...

GHSA-4c7m-gh7v-c837

github

больше 3 лет назад

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

SUSE-SU-2015:1378-1

suse-cvrf

около 10 лет назад

Security update for libwmf

EPSS

Процентиль: 83%

0.01958

Низкий

4 Medium

CVSS2