Debian Security Advisory
DLA-257-1 libwmf -- LTS security update
- Date Reported:
- 29 Jun 2015
- Affected Packages:
- libwmf
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 784192, Bug 784205.
In Mitre's CVE dictionary: CVE-2015-4695, CVE-2015-4696. - More information:
-
libwmf is vulnerable to two denial of service due to invalid read operations when processing specially crafted WMF files.
- CVE-2015-4695
Heap buffer overread in libwmf
- CVE-2015-4696
Read after free() in wmf2gd/wmf2eps
For the squeeze distribution, those issues have been fixed in libwmf 0.2.8.4-6.2+deb6u2. We recommend that you upgrade your libwmf packages.
- CVE-2015-4695