Published: 01/07/2015 Updated: 30/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wvware libwmf 0.2.8.4
fedoraproject fedora 21
opensuse opensuse 13.2
opensuse opensuse 13.1

libwmf could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #788833 chicken: CVE-2015-4556: buffer overrun in CHICKEN Scheme's string-translate* procedure Package: src:chicken; Maintainer for src:chicken is Davide Puricelli (evo) <evo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Jun 2015 12:57:02 UTC Severity: grave ...

Debian Bug report logs - #787644 libwmf: CVE-2015-0848 CVE-2015-4588 Package: src:libwmf; Maintainer for src:libwmf is Debian QA Group <packages@qadebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Jun 2015 17:30:02 UTC Severity: grave Tags: jessie, security, sid, stretch, upstream, whe ...

Debian Bug report logs - #784205 CVE-2015-4695: meta_pen_create heap buffer overflow Package: libwmf02-7; Maintainer for libwmf02-7 is Debian QA Group <packages@qadebianorg>; Source for libwmf02-7 is src:libwmf (PTS, buildd, popcon) Reported by: Fernando Muñoz <fernando@null-lifecom> Date: Mon, 4 May 2015 01: ...

Debian Bug report logs - #790365 pycode-browser: CVE-2015-0849: predictable temporary file vulnerability Package: pycode-browser; Maintainer for pycode-browser is Georges Khaznadar <georgesk@debianorg>; Source for pycode-browser is src:pycode-browser (PTS, buildd, popcon) Reported by: "brian m carlson" <sandals@crustyto ...

Debian Bug report logs - #784192 CVE-2015-4696: wmf2gd/wmf2eps use after free Package: libwmf-bin; Maintainer for libwmf-bin is Debian QA Group <packages@qadebianorg>; Source for libwmf-bin is src:libwmf (PTS, buildd, popcon) Reported by: Fernando Muñoz <fernando@null-lifecom> Date: Sun, 3 May 2015 22:57:01 UTC ...

It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application (CVE-2015-0 ...

It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application ...

CWE-119 http://www.openwall.com/lists/oss-security/2015/06/01/2 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74923 https://security.gentoo.org/glsa/201602-03 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html http://www.ubuntu.com/usn/USN-2670-1 http://www.debian.org/security/2015/dsa-3302 http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://www.securitytracker.com/id/1032771 https://usn.ubuntu.com/2670-1/https://nvd.nist.gov

Get Started

CVE-2015-0848

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect