FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libwmf -- embedded GD library Use-After-Free vulnerability

Affected packages
libwmf < 0.2.8.4_3

Details

VuXML ID 6a245f31-4254-11de-b67a-0030843d3802
Discovery 2009-05-05
Entry 2009-05-16

Secunia reports:

A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

The vulnerability is caused due to a use-after-free error within the embedded GD library, which can be exploited to cause a crash or potentially to execute arbitrary code via a specially crafted WMF file.

References

Bugtraq ID 34792
CVE Name CVE-2009-1364
URL http://secunia.com/advisories/34901/
URL https://bugzilla.redhat.com/show_bug.cgi?id=496864
URL https://rhn.redhat.com/errata/RHSA-2009-0457.html