ID CVE-2009-1364
Summary Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
References
Vulnerable Configurations
  • cpe:2.3:a:francis_james_franklin:libwmf:0.2.8.4
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 7.5 (as of 14-07-2015 - 14:20)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200907-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200907-01 (libwmf: User-assisted execution of arbitrary code) The embedded fork of the GD library introduced a 'use-after-free' vulnerability in a modification which is specific to libwmf. Impact : A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 39595
    published 2009-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39595
    title GLSA-200907-01 : libwmf: User-assisted execution of arbitrary code
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0457.NASL
    description Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the 'gd' packages, or applications using it. Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw. All users of libwmf are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38659
    published 2009-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38659
    title RHEL 4 / 5 : libwmf (RHSA-2009:0457)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0457.NASL
    description From Red Hat Security Advisory 2009:0457 : Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the 'gd' packages, or applications using it. Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw. All users of libwmf are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67851
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67851
    title Oracle Linux 4 / 5 : libwmf (ELSA-2009-0457)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5524.NASL
    description CVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38936
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38936
    title Fedora 10 : libwmf-0.2.8.4-18.1.fc10 (2009-5524)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5517.NASL
    description CVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38933
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38933
    title Fedora 9 : libwmf-0.2.8.4-18.1.fc9 (2009-5517)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBWMF-090512.NASL
    description A specially crafted WMF file could crash libwmf. (CVE-2009-1364)
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 40273
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40273
    title openSUSE Security Update : libwmf (libwmf-821)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBWMF-090423.NASL
    description A specially crafted WMF file could crash libwmf. (CVE-2009-1364)
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 40052
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40052
    title openSUSE Security Update : libwmf (libwmf-821)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-443.NASL
    description libwmf was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed : - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges. (boo#933109) - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109) - CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299) The following non-security bug was fixed : - boo#892356: Make libwmf-tools not depend on libwmf-devel
    last seen 2019-02-21
    modified 2015-06-25
    plugin id 84384
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84384
    title openSUSE Security Update : libwmf (openSUSE-2015-443)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBWMF-090428.NASL
    description A specially crafted WMF file could crash libwmf. (CVE-2009-1364)
    last seen 2018-09-02
    modified 2013-10-25
    plugin id 41433
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41433
    title SuSE 11 Security Update : libwmf (SAT Patch Number 822)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1484-1.NASL
    description libwmf was updated to fix five security issues. These security issues were fixed : - CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299) - CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109) - CVE-2015-4588: DecodeImage() did not check that the run-length 'count' fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109) - CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058) - CVE-2015-4696: Use after free (bsc#936062) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85796
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85796
    title SUSE SLED12 Security Update : libwmf (SUSE-SU-2015:1484-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5518.NASL
    description CVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38934
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38934
    title Fedora 11 : libwmf-0.2.8.4-20.fc11 (2009-5518)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090430_LIBWMF_ON_SL4_X.NASL
    description A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60578
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60578
    title Scientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1796.NASL
    description Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse Windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly execute arbitrary code via applications using this library.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38704
    published 2009-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38704
    title Debian DSA-1796-1 : libwmf - pointer use-after-free
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-106.NASL
    description Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38693
    published 2009-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38693
    title Mandriva Linux Security Advisory : libwmf (MDVSA-2009:106-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6A245F31425411DEB67A0030843D3802.NASL
    description Secunia reports : A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. The vulnerability is caused due to a use-after-free error within the embedded GD library, which can be exploited to cause a crash or potentially to execute arbitrary code via a specially crafted WMF file.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 38804
    published 2009-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38804
    title FreeBSD : libwmf -- embedded GD library Use-After-Free vulnerability (6a245f31-4254-11de-b67a-0030843d3802)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0457.NASL
    description Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the 'gd' packages, or applications using it. Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw. All users of libwmf are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38900
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38900
    title CentOS 4 / 5 : libwmf (CESA-2009:0457)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBWMF-6212.NASL
    description A specially crafted WMF file could crash libwmf. (CVE-2009-1364)
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 38788
    published 2009-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38788
    title openSUSE 10 Security Update : libwmf (libwmf-6212)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBWMF-6213.NASL
    description A specially crafted WMF file could crash libwmf. (CVE-2009-1364)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 51755
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51755
    title SuSE 10 Security Update : libwmf (ZYPP Patch Number 6213)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-769-1.NASL
    description Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38685
    published 2009-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38685
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libwmf vulnerability (USN-769-1)
oval via4
accepted 2013-04-29T04:10:16.812-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
family unix
id oval:org.mitre.oval:def:10959
status accepted
submitted 2010-07-09T03:56:16-04:00
title Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
version 24
redhat via4
advisories
bugzilla
id 496864
title CVE-2009-1364 libwmf: embedded gd use-after-free error
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment libwmf is earlier than 0:0.2.8.3-5.8
          oval oval:com.redhat.rhsa:tst:20090457002
        • comment libwmf is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090457003
      • AND
        • comment libwmf-devel is earlier than 0:0.2.8.3-5.8
          oval oval:com.redhat.rhsa:tst:20090457004
        • comment libwmf-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090457005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libwmf is earlier than 0:0.2.8.4-10.2
          oval oval:com.redhat.rhsa:tst:20090457007
        • comment libwmf is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090457008
      • AND
        • comment libwmf-devel is earlier than 0:0.2.8.4-10.2
          oval oval:com.redhat.rhsa:tst:20090457009
        • comment libwmf-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090457010
rhsa
id RHSA-2009:0457
released 2009-04-30
severity Moderate
title RHSA-2009:0457: libwmf security update (Moderate)
rpms
  • libwmf-0:0.2.8.3-5.8
  • libwmf-devel-0:0.2.8.3-5.8
  • libwmf-0:0.2.8.4-10.2
  • libwmf-devel-0:0.2.8.4-10.2
refmap via4
bid 34792
confirm
debian DSA-1796
fedora
  • FEDORA-2009-5517
  • FEDORA-2009-5518
  • FEDORA-2009-5524
gentoo GLSA-200907-01
mandriva MDVSA-2009:106
sectrack 1022154
secunia
  • 34901
  • 34964
  • 35001
  • 35025
  • 35190
  • 35416
  • 35686
suse
  • SUSE-SR:2009:011
  • openSUSE-SU-2015:1132
  • openSUSE-SU-2015:1134
ubuntu USN-769-1
vupen ADV-2009-1228
xf libwmf-gdlibrary-code-execution(50290)
Last major update 15-07-2015 - 11:04
Published 01-05-2009 - 13:30
Last modified 30-10-2018 - 12:27