Slackware Linux update for libwmf



Published: 2018-05-02
Risk High
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2004-0941
CVE-2006-3376
CVE-2007-0455
CVE-2007-2756
CVE-2007-3472
CVE-2007-3473
CVE-2007-3477
CVE-2009-3546
CVE-2015-0848
CVE-2015-4588
CVE-2015-4695
CVE-2015-4696
CVE-2016-10167
CVE-2016-10168
CVE-2016-9011
CVE-2016-9317
CVE-2017-6362
CWE-ID CWE-120
CWE-190
CWE-835
CWE-404
CWE-400
CWE-119
CWE-122
CWE-125
CWE-416
CWE-20
CWE-789
CWE-415
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
Slackware Linux
Operating systems & Components / Operating system

Vendor Slackware

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU12341

Risk: High

CVSSv3.1:

CVE-ID: CVE-2004-0941

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can execute arbitrary code via specially crafted image files that trigger the overflows due to improper calls to the gdMalloc function.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Integer overflow

EUVDB-ID: #VU12342

Risk: High

CVSSv3.1:

CVE-ID: CVE-2006-3376

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in player.c in libwmf, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick, due to integer overflow. A remote attacker can trigger memory corruption and execute arbitrary code via the MaxRecordSize header field in a WMF file.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU12343

Risk: High

CVSSv3.1:

CVE-ID: CVE-2007-0455

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the gdImageStringFTEx function in gdft.c due to buffer overflow. A remote attacker can cause the service to crash or execute arbitrary code via a specially crafted string with a JIS encoded font.

Successful exploitation of the vulnerability may result in system comprmise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Infinite loop

EUVDB-ID: #VU12344

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2007-2756

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the gdPngReadData function due to CPU consumption. A remote attacker can trcik the victim into opening a specially crafted PNG image with truncated data, which causes infinite loop in the png_read_info function in libpng, and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Integer overflow

EUVDB-ID: #VU12345

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2007-3472

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in gdImageCreateTrueColor function due to integer overflow. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper resource shutdown

EUVDB-ID: #VU12346

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2007-3473

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in gdImageCreateXbm function due to improper resource shutdown. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Resource exhaustion

EUVDB-ID: #VU12347

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2007-3477

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the (a) imagearc and (b) imagefilledarc functions due to CPU consumption. A remote attacker can trick the victim into opening a specially crafted file and cause the service to crash via a large (1) start or (2) end angle degree value.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Memory corruption

EUVDB-ID: #VU12348

Risk: High

CVSSv3.1:

CVE-ID: CVE-2009-3546

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the _gdGetColors function in gd_gd.c due to improper verification of a certain colorsTotal structure member. A remote attacker can trick the victim into opening a specially crafted GD file, trigger buffer over-read or buffer overflow and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Heap-based buffer overflow

EUVDB-ID: #VU12349

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-0848

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted BMP image, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Heap-based buffer overflow

EUVDB-ID: #VU12350

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-4588

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists  in the DecodeImage function due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted "run-length count" in an image in a WMF file, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds read

EUVDB-ID: #VU12351

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-4695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the DecodeImage function due to out-of-bounds read. A remote attacker can trigger memory corruption and cause the service to crash via a specially crafted WMF file.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Use-after-free error

EUVDB-ID: #VU12352

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-4696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening a specially crafted WMF file to the (1) wmf2gd or (2) wmf2eps command, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper input validation

EUVDB-ID: #VU7575

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10167

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application, using the affected library.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Integer overflow

EUVDB-ID: #VU7576

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-10168

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Uncontrolled memory allocation

EUVDB-ID: #VU12353

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9011

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the wmf_malloc function in api.c due to uncontrolled memory allocation. A remote attacker can trick the victim into opening a specially crafted wmf file, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Improper input validation

EUVDB-ID: #VU7572

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9317

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing overly large images in the gdImageCreate() function in the GD Graphics Library (aka libgd) before 2.2.4. A remote attacker can supply an overly large image and crash the application, using the affected library.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Double free memory error

EUVDB-ID: #VU12094

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-6362

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to double free memory error in the gdImagePngPtr function. A remote attacker can submit vectors related to a palette with no colors and cause the service to crash.

Mitigation

Update the affected package libwmf.

Vulnerable software versions

Slackware Linux: 13.0 - 14.2


CPE2.3 External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.620340

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###