Slackware Linux update for libwmf



Published: 2018-05-02
Risk: High
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: CVE-2004-0941, CVE-2006-3376, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3477, CVE-2009-3546, CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-10167, CVE-2016-10168, CVE-2016-9011, CVE-2016-9317, CVE-2017-6362
CWE-ID: CWE-120, CWE-190, CWE-835, CWE-404, CWE-400, CWE-119, CWE-122, CWE-125, CWE-416, CWE-20, CWE-789, CWE-415
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #6 is available.
Vulnerable software
Slackware Linux
Operating systems & Components / Operating system

Vendor: Slackware

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU12341

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2004-0941

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can execute arbitrary code via specially crafted image files that trigger the overflows due to improper calls to the gdMalloc function.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU12342

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-3376

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in player.c in libwmf, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick, due to integer overflow. A remote attacker can trigger memory corruption and execute arbitrary code via the MaxRecordSize header field in a WMF file.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU12343

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2007-0455

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the gdImageStringFTEx function in gdft.c due to buffer overflow. A remote attacker can cause the service to crash or execute arbitrary code via a specially crafted string with a JIS encoded font.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU12344

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2007-2756

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdPngReadData function due to CPU consumption. A remote attacker can trick the victim into opening a specially crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng, and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU12345

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2007-3472

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in gdImageCreateTrueColor function due to integer overflow. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper resource shutdown

EUVDB-ID: #VU12346

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2007-3473

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in gdImageCreateXbm function due to improper resource shutdown. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Resource exhaustion

EUVDB-ID: #VU12347

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2007-3477

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the (a) imagearc and (b) imagefilledarc functions due to CPU consumption. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash via a large (1) start or (2) end angle degree value.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU12348

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-3546

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the _gdGetColors function in gd_gd.c due to improper verification of a certain colorsTotal structure member. A remote attacker can trick the victim into opening a specially crafted GD file, trigger buffer over-read or buffer overflow and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based buffer overflow

EUVDB-ID: #VU12349

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-0848

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted BMP image, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Heap-based buffer overflow

EUVDB-ID: #VU12350

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-4588

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the DecodeImage function due to heap-based buffer overflow. A remote attacker can trick the victim into opening a WMF file containing an image with a specially crafted "run-length count", trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU12351

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-4695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the DecodeImage function due to out-of-bounds read. A remote attacker can trigger memory corruption and cause the service to crash via a specially crafted WMF file.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free error

EUVDB-ID: #VU12352

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-4696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening a specially crafted WMF file with the (1) wmf2gd or (2) wmf2eps command, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU7575

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10167

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in the gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application that uses the affected library.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU7576

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10168

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise the vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker can create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Uncontrolled memory allocation

EUVDB-ID: #VU12353

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9011

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the wmf_malloc function in api.c due to uncontrolled memory allocation. A remote attacker can trick the victim into opening a specially crafted WMF file, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU7572

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9317

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing overly large images in the gdImageCreate() function in the GD Graphics Library (aka libgd) before 2.2.4. A remote attacker can supply an overly large image and crash the application that uses the affected library.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Double free memory error

EUVDB-ID: #VU12094

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6362

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to double free memory error in the gdImagePngPtr function. A remote attacker can submit vectors related to a palette with no colors and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


