AVG-16

Package libwmf
Status Fixed
Severity Critical
Type multiple issues
Affected 0.2.8.4-13
Fixed 0.2.8.4-14
Current 0.2.10-1 [extra]
Ticket FS#49162
Created Sun Sep 18 15:54:41 2016
Issue Severity Remote Type Description
CVE-2016-9011 Low No Denial of service
A memory allocation failure in function wmf_malloc in api.c was reported in libwmf. Opening a maliciously crafted file could cause the application to crash.
CVE-2015-4696 Critical Yes Arbitrary code execution
It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application...
CVE-2015-4695 Critical Yes Arbitrary code execution
It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application...
CVE-2015-4588 Critical Yes Arbitrary code execution
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a...
CVE-2015-0848 Critical Yes Arbitrary code execution
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially...
CVE-2009-3546 Critical Yes Arbitrary code execution
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal...
CVE-2009-1364 Critical Yes Arbitrary code execution
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application...
CVE-2007-3477 Medium Yes Denial of service
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU...
CVE-2007-3473 Low Yes Denial of service
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash)...
CVE-2007-3472 Low Yes Denial of service
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have...
CVE-2007-2756 Low Yes Denial of service
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with...
CVE-2007-0455 Critical Yes Arbitrary code execution
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service...
CVE-2006-3376 Critical Yes Arbitrary code execution
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6)...
Date Advisory Package Description
01 Jan 2017 ASA-201701-1 libwmf multiple issues