Debian Security Advisory

DLA-253-1 libwmf -- LTS security update

Date Reported:
26 Jun 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-0848, CVE-2015-4588.
More information:

The following vulnerabilities were discovered in the Windows Metafile conversion library when reading BMP images embedded into WMF files:

  • CVE-2015-0848

    A heap overflow when decoding embedded BMP images that don't use 8 bits per pixel.

  • CVE-2015-4588

    A missing check in the RLE decoding of embedded BMP images.

We recommend that you update your libwmf packages.