libwmf

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A library for reading vector images in Microsoft's native Windows Metafile Format (WMF)
Version 0.2.13-4 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-16 0.2.8.4-13 0.2.8.4-14 Critical Fixed FS#49162
Issue Group Severity Remote Type Description
CVE-2016-9011 AVG-16 Low No Denial of service
A memory allocation failure in function wmf_malloc in api.c was reported in libwmf. Opening a maliciously crafted file could cause the application to crash.
CVE-2015-4696 AVG-16 Critical Yes Arbitrary code execution
It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application...
CVE-2015-4695 AVG-16 Critical Yes Arbitrary code execution
It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application...
CVE-2015-4588 AVG-16 Critical Yes Arbitrary code execution
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a...
CVE-2015-0848 AVG-16 Critical Yes Arbitrary code execution
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially...
CVE-2009-3546 AVG-16 Critical Yes Arbitrary code execution
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal...
CVE-2009-1364 AVG-16 Critical Yes Arbitrary code execution
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application...
CVE-2007-3477 AVG-16 Medium Yes Denial of service
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU...
CVE-2007-3473 AVG-16 Low Yes Denial of service
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash)...
CVE-2007-3472 AVG-16 Low Yes Denial of service
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have...
CVE-2007-2756 AVG-16 Low Yes Denial of service
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with...
CVE-2007-0455 AVG-16 Critical Yes Arbitrary code execution
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service...
CVE-2006-3376 AVG-16 Critical Yes Arbitrary code execution
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6)...

Advisories

Date Advisory Group Severity Type
01 Jan 2017 ASA-201701-1 AVG-16 Critical multiple issues