ID CVE-2015-4695
Summary meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
References
Vulnerable Configurations
  • wvWare libwmf 0.2.8.4
    cpe:2.3:a:wvware:libwmf:0.2.8.4
CVSS
Base: 5.0 (as of 30-12-2016 - 14:29)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-120-01.NASL
    description New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-05-01
    plugin id 109432
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109432
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2670-1.NASL
    description Fernando Munoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84635
    published 2015-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84635
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : libwmf vulnerabilities (USN-2670-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1917.NASL
    description Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86485
    published 2015-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86485
    title CentOS 6 / 7 : libwmf (CESA-2015:1917)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10601.NASL
    description CVE-2015-0848 Heap overflow CVE-2015-4588 RLE decoding doesn't check that the 'count' fits into the image CVE-2015-4695 meta_pen_create heap buffer overflow CVE-2015-4696 wmf2gd/wmf2eps use after free Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85084
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85084
    title Fedora 21 : libwmf-0.2.8.4-45.fc21 (2015-10601)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-257.NASL
    description libwmf is vulnerable to two denial of service due to invalid read operations when processing specially crafted WMF files. CVE-2015-4695 Heap buffer overread in libwmf CVE-2015-4696 Read after free() in wmf2gd/wmf2eps For the squeeze distribution, those issues have been fixed in libwmf 0.2.8.4-6.2+deb6u2. We recommend that you upgrade your libwmf packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 84435
    published 2015-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84435
    title Debian DLA-257-1 : libwmf security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-10627.NASL
    description CVE-2015-0848 heap overflow when decoding BMP images CVE-2015-4588 RLE decoding doesn't check that the 'count' fits into the image CVE-2015-4695 meta_pen_create heap buffer overflow CVE-2015-4696 wmf2gd/wmf2eps use after free Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 84679
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84679
    title Fedora 22 : libwmf-0.2.8.4-45.fc22 (2015-10627)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1917.NASL
    description From Red Hat Security Advisory 2015:1917 : Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86487
    published 2015-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86487
    title Oracle Linux 6 / 7 : libwmf (ELSA-2015-1917)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1484-1.NASL
    description libwmf was updated to fix five security issues. These security issues were fixed : - CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299) - CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109) - CVE-2015-4588: DecodeImage() did not check that the run-length 'count' fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109) - CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058) - CVE-2015-4696: Use after free (bsc#936062) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85796
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85796
    title SUSE SLED12 Security Update : libwmf (SUSE-SU-2015:1484-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201602-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201602-03 (libwmf: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause Denial of Service. Workaround : There is no known work around at this time.
    last seen 2019-02-21
    modified 2017-10-02
    plugin id 103586
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103586
    title GLSA-201602-03 : libwmf: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1917.NASL
    description Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) All users of libwmf are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86488
    published 2015-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86488
    title RHEL 6 / 7 : libwmf (RHSA-2015:1917)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-604.NASL
    description It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848 , CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. (CVE-2007-2756) Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. (CVE-2007-0455) The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293 . NOTE: some of these details are obtained from third party information. (CVE-2009-3546) Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 86635
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86635
    title Amazon Linux AMI : libwmf (ALAS-2015-604)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151020_LIBWMF_ON_SL6_X.NASL
    description It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. (CVE-2015-0848, CVE-2015-4588) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application. (CVE-2015-4696) It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash. (CVE-2015-4695) After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 86489
    published 2015-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86489
    title Scientific Linux Security Update : libwmf on SL6.x, SL7.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CA139C7F2A8C11E5A4A5002590263BF5.NASL
    description Mitre reports : Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information. Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84782
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84782
    title FreeBSD : libwmf -- multiple vulnerabilities (ca139c7f-2a8c-11e5-a4a5-002590263bf5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1378-1.NASL
    description libwmf was updated to fix four security issues. These security issues were fixed : - CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109). - CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109). - CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062). - CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85399
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85399
    title SUSE SLED11 Security Update : libwmf (SUSE-SU-2015:1378-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-477.NASL
    description libwmf was updated to fix four security issues. These security issues were fixed : - CVE-2015-4588: Heap overflow (bnc#933109). - CVE-2015-4696: Use after free (bnc#936062). - CVE-2015-4695: Heap buffer over read (bnc#936058). - CVE-2015-0848: Heap overflow (bnc#933109).
    last seen 2018-09-01
    modified 2015-07-13
    plugin id 84656
    published 2015-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84656
    title openSUSE Security Update : libwmf (openSUSE-2015-477)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3302.NASL
    description Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84552
    published 2015-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84552
    title Debian DSA-3302-1 : libwmf - security update
redhat via4
advisories
rhsa
id RHSA-2015:1917
rpms
  • libwmf-0:0.2.8.4-25.el6_7
  • libwmf-devel-0:0.2.8.4-25.el6_7
  • libwmf-lite-0:0.2.8.4-25.el6_7
  • libwmf-0:0.2.8.4-41.el7_1
  • libwmf-devel-0:0.2.8.4-41.el7_1
  • libwmf-lite-0:0.2.8.4-41.el7_1
refmap via4
bid 75329
confirm
debian DSA-3302
fedora FEDORA-2015-10601
gentoo GLSA-201602-03
mlist
  • [oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
  • [oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7
sectrack 1032771
suse openSUSE-SU-2015:1212
ubuntu USN-2670-1
Last major update 27-12-2016 - 21:59
Published 01-07-2015 - 10:59
Last modified 21-09-2017 - 21:29
Back to Top