SUSE-SU-2015:1484-1

Published: 31 Jul 2015
Source: suse-cvrf

Description

Security update for libwmf

libwmf was updated to fix five security issues.

These security issues were fixed:

  • CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299)
  • CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)
  • CVE-2015-4588: DecodeImage() did not check that the run-length 'count' fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109)
  • CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058)
  • CVE-2015-4696: Use after free (bsc#936062)

Package list

SUSE Linux Enterprise Desktop 12
  • libwmf-0_2-7-0.2.8.4-242.3

SUSE Linux Enterprise Software Development Kit 12
  • libwmf-0_2-7-0.2.8.4-242.3
  • libwmf-devel-0.2.8.4-242.3
  • libwmf-gnome-0.2.8.4-242.3

SUSE Linux Enterprise Workstation Extension 12
  • libwmf-0_2-7-0.2.8.4-242.3

Description

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.


Affected products
SUSE Linux Enterprise Desktop 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-devel-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-gnome-0.2.8.4-242.3


Description

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.


Affected products
SUSE Linux Enterprise Desktop 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-devel-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-gnome-0.2.8.4-242.3


Description

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.


Affected products
SUSE Linux Enterprise Desktop 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-devel-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-gnome-0.2.8.4-242.3


Description

meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.


Affected products
SUSE Linux Enterprise Desktop 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-devel-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-gnome-0.2.8.4-242.3


Description

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.


Affected products
SUSE Linux Enterprise Desktop 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-0_2-7-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-devel-0.2.8.4-242.3
SUSE Linux Enterprise Software Development Kit 12:libwmf-gnome-0.2.8.4-242.3
