Rapid7 Vulnerability & Exploit Database

RHSA-2009:0457: libwmf security update


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 05/01/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick.

A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially-crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364)

Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the "gd" packages, or applications using it.

Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw.

All users of libwmf are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using libwmf must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-libwmf
  • redhat-upgrade-libwmf-devel
