Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-253-1 libwmf

Debian Security Advisory

DLA-253-1 libwmf -- LTS security update

Date Reported:

26 Jun 2015

Affected Packages:

libwmf

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-0848, CVE-2015-4588.

More information:

The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files:

• CVE-2015-0848

  A heap overflow when decoding embedded BMP images that don't use 8 bits per pixel.

• CVE-2015-4588

  A missing check in the RLE decoding of embedded BMP images.

We recommend that you update your libwmf packages.