Main Vulnerability Database Vulnerabilities #VU12350

#VU12350 Heap-based buffer overflow in libwmf - CVE-2015-4588

Published: May 2, 2018

Vulnerability identifier: #VU12350

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-4588

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
libwmf

Software vendor:
wvware.sourceforge.net

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the DecodeImage function due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted "run-length count" in an image in a WMF file, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

#VU12350 Heap-based buffer overflow in libwmf - CVE-2015-4588

Description

Remediation

External links

Please verify you're human