MDVSA-2009:106-1

Executive Summary

Informations
Name	MDVSA-2009:106-1	First vendor Publication	2009-12-03
Vendor	Mandriva	Last vendor Modification	2009-12-03
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364).

The updated packages have been patched to prevent this.

Update:

Packages for 2008.0 are being provided due to extended support for Corporate products.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:106-1

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10959

Oval ID:	oval:org.mitre.oval:def:10959
Title:	Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
Description:	Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1364	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libwmf is earlier than 0:0.2.8.3-5.8 AND libwmf-devel is earlier than 0:0.2.8.3-5.8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libwmf is earlier than 0:0.2.8.4-10.2 AND libwmf-devel is earlier than 0:0.2.8.4-10.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Francis James Franklin Libwmf cpe:/a:francis_james_franklin:libwmf:0.2.8.4	1

Open Source Vulnerability Database (OSVDB)

id	Description
56286	libwmf Embedded GD Library WMF File Handling Use-After-Free Arbitrary Code Ex...

Type	Count
Oval ID(s)	1
CPE ID(s)	1
osvdb(s)	1

Related	Severity
MDVSA-2009:106	(High)
CVE-2009-1364	(High)

Same Subject	Severity
Login to view 4 more Alert(s)

MDVSA-2009:106-1

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU