6 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. La función wmf_malloc en api.c en libwmf 0.2.8.4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo wmf manipulado, lo que desencadena un fallo de asignación de memoria. • http://www.openwall.com/lists/oss-security/2016/10/25/1 http://www.securityfocus.com/bid/93860 https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c https://bugzilla.redhat.com/show_bug.cgi?id=1388450 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. Desbordamiento de buffer basado en memoria dinámica en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen BMP manipulada. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 1

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Vulnerabilidad de uso después de liberación en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero WMF manipulado en el comando (1) wmf2gd o (2) wmf2eps. It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.debian.org/security/2015/dsa-3302 http://www.openwall.com/lists/oss-security/2015/06/17/3 http://www.openwall.com/lists/oss-security/2015/06/21/3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75331 http:&#x • CWE-416: Use After Free •

CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 1

meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. meta.h en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un fichero WMF manipulado. It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.debian.org/security/2015/dsa-3302 http://www.openwall.com/lists/oss-security/2015/06/17/3 http://www.openwall.com/lists/oss-security/2015/06/21/3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75329 http:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 1

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. Desbordamiento de buffer basado en memoria dinámica en la función DecodeImage en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una 'cuenta del longitud de realización' manipulada en una imagen en un fichero WMF. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.debian.org/security/2015/dsa-3302 http://www.openwall.com/lists/oss-security/2015/06/03/6 http://www.openwall.com/lists/oss-security/2015/06/16& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •