CVE-2009-1364

Related Files

Mandriva Linux Security Advisory 2009-106

Posted Dec 3, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-106 - Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2009-1364

SHA-256 | 5cb44f12c77908cfbf9ca906f929f9aea4dee9928984eed0e19f2d787203cd4a

Download | Favorite | View

Gentoo Linux Security Advisory 200907-1

Posted Jul 2, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2009-1364

SHA-256 | 10499a79b0bc5e2bf13aec58b6593b8d6c105fe091f20deb36de34436aa88dff

Download | Favorite | View

Debian Linux Security Advisory 1796-1

Posted May 8, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1796-1 - Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly the execute arbitrary code via applications using this library.

tags | advisory, denial of service, arbitrary

systems | linux, windows, debian

advisories | CVE-2009-1364

SHA-256 | 274b56cbf75d50d4e41c7bc0e804a37ff8ed4411d41f2eb39cf4a32e4a1ad9be

Download | Favorite | View

Mandriva Linux Security Advisory 2009-106

Posted May 5, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-106 - Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. The updated packages have been patched to prevent this.

tags | advisory, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2009-1364

SHA-256 | 99fbf7ea6f2ca979b7df8e78761945a30c5a2f1a716c68d794f65a22a82cf82b

Download | Favorite | View

Ubuntu Security Notice 769-1

Posted May 5, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-769-1 - Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-1364

SHA-256 | fc625410bbac770a65772afbde2a9fa436f433a02da1acb710efb6833d0c9530

Download | Favorite | View