{ "schema_version": "1.7.0", "id": "MGASA-2015-0261", "published": "2015-07-05T17:22:03Z", "modified": "2015-07-09T07:56:53Z", "summary": "Updated libwmf package fixes security vulnerability", "details": "It was discovered that libwmf did not correctly process certain WMF\n(Windows Metafiles) containing BMP images. By tricking a victim into\nopening a specially crafted WMF file in an application using libwmf, a\nremote attacker could possibly use this flaw to execute arbitrary code\nwith the privileges of the user running the application (CVE-2015-0848,\nCVE-2015-4588).\n\nTwo out of bounds reads in libwmf were also discovered, one in the\nmeta_pen_create() function in player/meta.h (CVE-2015-4695) and one in\nwmf2gd.c and wmf2eps.c (CVE-2015-4696)\n", "upstream": [ "CVE-2015-0848", "CVE-2015-4588", "CVE-2015-4695", "CVE-2015-4696" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0261.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=16127" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2015/06/21/3" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "libwmf", "purl": "pkg:rpm/mageia/libwmf?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.2.8.4-30.2.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "libwmf", "purl": "pkg:rpm/mageia/libwmf?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.2.8.4-32.2.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }