Category:   Application (Generic)  >   libwmf
Vendors:   wvware.sourceforge.net
(CentOS Issues Fix) libwmf Heap Overflow and Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1033911
SecurityTracker URL:  http://securitytracker.com/id/1033911
CVE Reference:   CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696
Date:  Oct 21 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.2.8.4
Description:   Multiple vulnerabilities were reported in libwmf. A remote user can cause arbitrary code to be executed on the target system. A remote user can cause the target service to crash.

A remote user can create a specially crafted BMP file that, when processed by the target application using libwmf, will trigger a heap overflow and execute arbitrary code on the target system [CVE-2015-0848]. The code will run with the privileges of the target application.

A remote user can create a specially crafted WMF file that, when processed by the target application using libwmf, will trigger a heap overflow in the DecodeImage() function and execute arbitrary code on the target system [CVE-2015-4588]. The code will run with the privileges of the target application.

A remote user can create a specially crafted WMF file that, when processed by the target application using libwmf, will trigger an out-of-bounds read and cause denial of service conditions [CVE-2015-4695].

A remote user can create a specially crafted WMF file that, when processed by the target application using libwmf, will trigger a use-after-free in the wmf2gd or wmf2eps commands and cause denial of service conditions [CVE-2015-4696].

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions on the target application.

Solution:   CentOS has issued a fix.


Cause:   Access control error, Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 2 2015 libwmf Heap Overflow and Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1917 Important CentOS 7 libwmf Security Update


CentOS Errata and Security Advisory 2015:1917 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1917.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
