| Name | CentOS.Security.libwmf.Update.CESA.2009.0457 |
| Release Date | Apr 23, 2010 |
| Severity | Medium |
| Impact | An attacker could create a specially-crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. |
| Description | libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.
A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. (CVE-2009-1364)
Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the "gd" packages, or applications using it. |
| Recommended Actions | To resolve this issue, please upgrade to the latest packages which contain a backported patch.
Refer to CentOS advisory CentOS 4 ia64 CentOS 4 s390 CentOS 5 i386 CentOS 5 x86_64 CentOS 4 i386 CentOS 4 x86_64 for updates and patch information. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1364
|