Security update for libwmf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1212-1 Final 1 1 2015-07-01T13:51:59Z current 2015-07-01T13:51:59Z 2015-07-01T13:51:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libwmf libwmf was updated to fix four security issues. These security issues were fixed: - CVE-2015-4588: Heap overflow (bnc#933109). - CVE-2015-4696: Use after free (bnc#936062). - CVE-2015-4695: Heap buffer over read (bnc#936058). - CVE-2015-0848: Heap overflow (bnc#933109). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html E-Mail link for openSUSE-SU-2015:1212-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libwmf-0.2.8.4-234.7.1 libwmf-0_2-7-0.2.8.4-234.7.1 libwmf-0_2-7-32bit-0.2.8.4-234.7.1 libwmf-devel-0.2.8.4-234.7.1 libwmf-gnome-0.2.8.4-234.7.1 libwmf-gnome-32bit-0.2.8.4-234.7.1 libwmf-tools-0.2.8.4-234.7.1 Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. CVE-2015-0848 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html https://www.suse.com/security/cve/CVE-2015-0848.html CVE-2015-0848 https://bugzilla.suse.com/933109 SUSE Bug 933109 Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. CVE-2015-4588 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html https://www.suse.com/security/cve/CVE-2015-4588.html CVE-2015-4588 https://bugzilla.suse.com/933109 SUSE Bug 933109 meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. CVE-2015-4695 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html https://www.suse.com/security/cve/CVE-2015-4695.html CVE-2015-4695 https://bugzilla.suse.com/936058 SUSE Bug 936058 Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. CVE-2015-4696 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html https://www.suse.com/security/cve/CVE-2015-4696.html CVE-2015-4696 https://bugzilla.suse.com/936062 SUSE Bug 936062