FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1364

This CVE name corresponds to:

Entered Topic
2009-05-16 libwmf -- embedded GD library Use-After-Free vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-1364 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-1364
Phase Assigned(20090422)

Description

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

References

Source Reference
CONFIRM http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=496864
CONFIRM https://launchpad.net/bugs/cve/2009-1364
DEBIAN DSA-1796
FEDORA FEDORA-2009-5517
FEDORA FEDORA-2009-5524
FEDORA FEDORA-2009-5518
GENTOO GLSA-200907-01
MANDRIVA MDVSA-2009:106
REDHAT RHSA-2009:0457
SUSE SUSE-SR:2009:011
SUSE openSUSE-SU-2015:1132
SUSE openSUSE-SU-2015:1134
UBUNTU USN-769-1
BID 34792
OVAL oval:org.mitre.oval:def:10959
SECTRACK 1022154
SECUNIA 34964
SECUNIA 35001
SECUNIA 34901
SECUNIA 35025
SECUNIA 35190
SECUNIA 35416
SECUNIA 35686
VUPEN ADV-2009-1228
XF libwmf-gdlibrary-code-execution(50290)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.