| Summary: | <media-libs/libwmf-0.2.8.4-r6: heap overflow when decoding BMP images (CVE-2015-0848) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | alexander, maintainer-needed |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1227243 | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=553818 | ||
| Whiteboard: | B2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
This security issue was fixed in =media-libs/libwmf-0.2.8.4-r6 Maintainer(s), please advise if you when you are ready for stabilization or call for stabilization yourself. Stable for HPPA PPC64. amd64 stable x86 stable ppc stable arm stable ia64 stable sparc stable alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Old removed. Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201602-03 at https://security.gentoo.org/glsa/201602-03 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : A heap buffer overflow flaw was found in the way the libwmf library processed WMF files containing BMP images. A specially crafted WMF file could cause an application using libwmf to crash or, possibly, execute arbitrary code. Original report: http://seclists.org/oss-sec/2015/q2/597 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.