Severity: 2/4
 Consequences: user access/rights, denial of service of client
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 06/05/2009

IMPACTED PRODUCTS

 Debian Linux
 Mandriva Corporate
 Mandriva Linux
 Red Hat Enterprise Linux
 Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The libwmf library handles WMF (Microsoft Windows Metafile Format) images.

This library contains its own version of the gd library. However, the gdClipSetAdd() function of the src/extra/gd/gd_clip.c file reallocates a pointer which can be uninitialized. A memory corruption thus occurs.

An attacker can therefore invite the victim to open a malicious WMF image with an application linked to libwmf in order to create a denial of service or to execute code on his computer.

CHARACTERISTICS

 Identifiers: 496864, BID-34792, CVE-2009-1364, DSA 1796-1, MDVSA-2009:106, RHSA-2009:0457-01, VIGILANCE-VUL-8692
 Url: http://vigilance.fr/vulnerability/libwmf-memory-corruption-8692