openSUSE Security Update : libwmf (openSUSE-2015-443)
High Nessus Plugin ID 84384
SynopsisThe remote openSUSE host is missing a security update.
Descriptionlibwmf was updated to fix three security issues and one non-security bug.
The following vulnerabilities were fixed :
- CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user's privileges.
- CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file in a libwmf based application could have executed arbitrary code through incorrect run-length encoding. (boo#933109)
- CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf allowed context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. (boo#495842, boo#831299)
The following non-security bug was fixed :
- boo#892356: Make libwmf-tools not depend on libwmf-devel
SolutionUpdate the affected libwmf packages.