Release Date | Apr 23, 2010 |
Severity | medium |
Impact | Successful exploitation of this vulnerability may allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. |
Description | libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. The following vulnerability has been discovered: CVE-2009-1364: A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that, when opened by a victim, would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application. Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the "gd" packages, or applications using it. |
Affected Products |
Recommended Actions | All users of libwmf are advised to upgrade to the updated packages (refer to the CentOS advisories: CentOS 4 ia64 http://lists.centos.org/pipermail/centos-announce/2009-May/015841.html; CentOS 4 s390 http://lists.centos.org/pipermail/centos-announce/2009-May/015843.html; CentOS 5 i386 http://lists.centos.org/pipermail/centos-announce/2009-May/015871.html; CentOS 5 x86_64 http://lists.centos.org/pipermail/centos-announce/2009-May/015872.html; CentOS 4 i386 http://lists.centos.org/pipermail/centos-announce/2009-May/015922.html; CentOS 4 x86_64 http://lists.centos.org/pipermail/centos-announce/2009-May/015923.html), which contain a backported patch to correct the issue. After installing the update, all applications using libwmf must be restarted for the update to take effect. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2009-1364 |