Overview

File _patchinfo of Package patchinfo.718

<patchinfo incident="718">
  <issue id="831299" tracker="bnc">libwmf: Change and/or patches may have been lost</issue>
  <issue id="495842" tracker="bnc">VUL-0: libwmf embedded gd use-after-free error</issue>
  <issue id="933109" tracker="bnc">VUL-1: CVE-2015-0848,CVE-2015-4588: libwmf: CVE-2015-0848 - Heap overflow on libwmf0.2-7</issue>
  <issue id="936058" tracker="bnc"></issue>
  <issue id="936062" tracker="bnc"></issue>
  <issue id="CVE-2015-4588" tracker="cve" />
  <issue id="CVE-2015-0848" tracker="cve" />
  <issue id="CVE-2009-1364" tracker="cve" />
  <issue id="CVE-2015-4695" tracker="cve" />
  <issue id="CVE-2015-4696" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>fstrba</packager>
  <description>libwmf was updated to fix five security issues.

These security issues were fixed:
- CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299)
- CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)
- CVE-2015-4588: DecodeImage() did not check that the run-length "count" fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109)
- CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058)
- CVE-2015-4696: Use after free (bsc#936062)
</description>
  <summary>Security update for libwmf</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places