Updated libwmf package fixes security vulnerability
Publication date: 05 Jul 2015Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0848 , CVE-2015-4588 , CVE-2015-4695 , CVE-2015-4696
Description
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0848, CVE-2015-4588). Two out of bounds reads in libwmf were also discovered, one in the meta_pen_create() function in player/meta.h (CVE-2015-4695) and one in wmf2gd.c and wmf2eps.c (CVE-2015-4696)
References
- https://bugs.mageia.org/show_bug.cgi?id=16127
- https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html
- http://openwall.com/lists/oss-security/2015/06/21/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0848
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4696
SRPMS
4/core
- libwmf-0.2.8.4-30.2.mga4
5/core
- libwmf-0.2.8.4-32.2.mga5