| Name | CentOS.Security.Update.acpid.CESA-2009-0474 |
| Release Date | May 10, 2010 |
| Severity | Medium |
| Impact | An attacker could create a specially crafted WMF file that, when opened by a victim, would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application. |
| Description | libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.
There is a pointer use-after-free flaw in the GD graphics library embedded in libwmf. (CVE-2009-1364)
Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the "gd" packages, or applications using it. |
| Recommended Actions | All users of libwmf are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libwmf must be restarted for the update to take effect.
Refer to CentOS advisory CESA-2009:0474 for updates and patch information.
CentOS 3 ia64: http://lists.centos.org/pipermail/centos-announce/2009-May/015859.html
CentOS 3 x86_64: http://lists.centos.org/pipermail/centos-announce/2009-May/015846.html
CentOS 4 i386: http://lists.centos.org/pipermail/centos-announce/2009-May/015926.html
CentOS 4 ia64: http://lists.centos.org/pipermail/centos-announce/2009-May/015861.html
CentOS 4 x86_64: http://lists.centos.org/pipermail/centos-announce/2009-May/015927.html
CentOS 5 i386: http://lists.centos.org/pipermail/centos-announce/2009-May/015873.html
CentOS 5 x86_64: http://lists.centos.org/pipermail/centos-announce/2009-May/015874.html |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1364 |