Published: 01/05/2009 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
francis james franklin libwmf 0.2.8.4
opensuse opensuse 13.2
opensuse opensuse 13.1

Synopsis Moderate: libwmf security update Type/Severity Security Advisory: Moderate Topic Updated libwmf packages that fix one security issue are now available forRed Hat Enterprise Linux 4 and 5This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...

Debian Bug report logs - #526434 CVE-2009-1364 libwmf: embedded gd use-after-free error Package: libwmf; Maintainer for libwmf is Debian QA Group <packages@qadebianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Fri, 1 May 2009 08:21:04 UTC Severity: serious Tags: patch, security Found in versio ...

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...

Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse windows metafiles (WMF), makes use of a pointer after it was already freed An attacker using a crafted WMF file can cause a denial of service or possibly the execute arbitrary code via applications using this library For the oldstable distribution (etch), thi ...

Use-after-free vulnerability in the embedded GD library in libwmf 0284 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file ...

# MEM30-C Do not access freed memory Evaluating a pointer—including dereferencing the pointer, using it as an operand of an arithmetic operation, type casting it, and using it as the right-hand side of an assignment—into memory that has been deallocated by a memory management function is undefined behavior Pointers to memory that has been deallocated are called d

NVD-CWE-Other http://rhn.redhat.com/errata/RHSA-2009-0457.html https://bugzilla.redhat.com/show_bug.cgi?id=496864 http://www.securityfocus.com/bid/34792 http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log https://launchpad.net/bugs/cve/2009-1364 http://secunia.com/advisories/35001 http://www.ubuntu.com/usn/USN-769-1 http://secunia.com/advisories/34964 http://www.vupen.com/english/advisories/2009/1228 http://www.mandriva.com/security/advisories?name=MDVSA-2009:106 http://www.debian.org/security/2009/dsa-1796 http://secunia.com/advisories/34901 http://www.securitytracker.com/id?1022154 http://secunia.com/advisories/35025 http://secunia.com/advisories/35190 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/35416 http://security.gentoo.org/glsa/glsa-200907-01.xml http://secunia.com/advisories/35686 http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html https://exchange.xforce.ibmcloud.com/vulnerabilities/50290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959 https://access.redhat.com/errata/RHSA-2009:0457 https://usn.ubuntu.com/769-1/https://nvd.nist.gov

CVE-2009-1364

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect