Updated libwmf packages fix security vulnerability
Publication date: 21 Sep 2017Modification date: 21 Sep 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6362
Description
Double free vulnerability in the gdImagePngPtr function in libgd2 before
2.2.5 allows remote attackers to cause a denial of service via vectors
related to a palette with no colors. (CVE-2017-6362)
References
- https://bugs.mageia.org/show_bug.cgi?id=21707
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OKUOTJ5FTMWQN74T3VDU57PWIVHXIOY2/
- http://pkgs.fedoraproject.org/cgit/rpms/libwmf.git/commit/?id=e17758d24cb2e2613c2e71755dc86a21505c4140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362
SRPMS
6/core
- libwmf-0.2.8.4-37.1.mga6
5/core
- libwmf-0.2.8.4-32.5.mga5