WMF file

[ MDVSA-2009:106 ] libwmf

 Problem Description:

 Use-after-free vulnerability in the embedded GD library in libwmf
 0.2.8.4 allows context-dependent attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 WMF file (CVE-2009-1364).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

[ MDVSA-2009:106-1 ] libwmf

 Problem Description:

 Use-after-free vulnerability in the embedded GD library in libwmf
 0.2.8.4 allows context-dependent attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted
 WMF file (CVE-2009-1364).
 
 The updated packages have been patched to prevent this.

 Update:


[SECURITY] [DSA 1796-1] New libwmf packages fix denial of service

Debian bug     : 526434
CVE ID         : CVE-2009-1364


Tavis Ormandy discovered that the embedded GD library copy in libwmf,
a library to parse Windows metafiles (WMF), makes use of a pointer
after it was already freed.  An attacker using a crafted WMF file can
cause a denial of service or possibly execute arbitrary code via
applications using this library.



[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code

vulnerability.

Background
==========

libwmf is a library for converting WMF files.

Affected packages
=================

    -------------------------------------------------------------------

[USN-769-1] libwmf vulnerability

Details follow:

Tavis Ormandy discovered that libwmf incorrectly used memory after it had
been freed when using its embedded GD library. If a user or automated
system were tricked into opening a crafted WMF file, an attacker could
cause a denial of service or execute arbitrary code with privileges of the
user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

EEYE: Windows Metafile AttemptWrite Heap Overflow

Windows Metafile AttemptWrite Heap Overflow

Release Date:
August 14, 2007

Date Reported:
March 27, 2007

Severity:
High (Code Execution)


