Bug 1272993 - (CVE-2015-4588) CVE-2015-4588 libwmf: heap overflow within the RLE decoding of embedded BMP images
CVE-2015-4588 libwmf: heap overflow within the RLE decoding of embedded BMP i...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20150601,repo...
: Security
Depends On:
Blocks: 1227245
  Show dependency treegraph
 
Reported: 2015-10-19 07:38 EDT by Stefan Cornelius
Modified: 2015-10-21 05:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-21 05:31:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stefan Cornelius 2015-10-19 07:38:21 EDT
It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded RLE-compressed BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application.

Previously, this issue was bundled in bug#1227243.
Comment 1 Stefan Cornelius 2015-10-19 08:03:48 EDT
The patch for this issue can be found in bug 1227243, comment 7.
Comment 2 errata-xmlrpc 2015-10-20 12:11:20 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:1917 https://rhn.redhat.com/errata/RHSA-2015-1917.html

Note You need to log in before you can comment on or make changes to this bug.