// For flags

CVE-2009-1364

libwmf: embedded gd use-after-free error

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

vulnerabilidad de uso después de liberación (use-after-free) en la librería incrustada GD en libwmf v0.2.8.4 permite a atacantes dependiendo del contexto causar una denegación de servicio (cuelgue de aplicación) o posiblemente ejecutar código a su elección a través de un archivo WMF elaborado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-04-22 CVE Reserved
  • 2009-05-01 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (27)
URL Tag Source
http://secunia.com/advisories/34901 Third Party Advisory
http://secunia.com/advisories/34964 Third Party Advisory
http://secunia.com/advisories/35001 Third Party Advisory
http://secunia.com/advisories/35025 Third Party Advisory
http://secunia.com/advisories/35190 Third Party Advisory
http://secunia.com/advisories/35416 Third Party Advisory
http://secunia.com/advisories/35686 Third Party Advisory
http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log X_refsource_confirm
http://www.securityfocus.com/bid/34792 Vdb Entry
http://www.securitytracker.com/id?1022154 Vdb Entry
http://www.vupen.com/english/advisories/2009/1228 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50290 Vdb Entry
https://launchpad.net/bugs/cve/2009-1364 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html 2018-10-30
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html 2018-10-30
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html 2018-10-30
http://rhn.redhat.com/errata/RHSA-2009-0457.html 2018-10-30
http://security.gentoo.org/glsa/glsa-200907-01.xml 2018-10-30
http://www.debian.org/security/2009/dsa-1796 2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2009:106 2018-10-30
http://www.ubuntu.com/usn/USN-769-1 2018-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=496864 2009-04-30
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html 2018-10-30
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html 2018-10-30
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html 2018-10-30
https://access.redhat.com/security/cve/CVE-2009-1364 2009-04-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Francis James Franklin
Search vendor "Francis James Franklin"
 Libwmf
Search vendor "Francis James Franklin" for product "Libwmf"
 0.2.8.4
Search vendor "Francis James Franklin" for product "Libwmf" and version "0.2.8.4"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected