Overview Repositories Revisions Requests Users Attributes Meta
Security update for libwmf

libwmf was updated to fix three security issues and one non-security bug.

The following vulnerabilities were fixed:

* CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges. (boo#933109)
* CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)
* CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299)

The following non-security bug was fixed:

* boo#892356: Make libwmf-tools not depend on libwmf-devel

Fixed bugs
bnc#892356
libwmf-devel dependency problems
CVE-CVE-2015-0848
CVE-CVE-2015-4588
bnc#933109
VUL-1: CVE-2015-0848: libwmf: CVE-2015-0848 - Heap overflow on libwmf0.2-7
CVE-CVE-2009-1364
bnc#495842
VUL-0: libwmf embedded gd use-after-free error
bnc#831299
[openSUSE goes SLE12]: libwmf: Change and/or patches may have been lost
Selected Binaries
openSUSE Build Service is sponsored by
Places