It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application.
Use after free issue was reported in libwmf when processing a crafted WMF file.
Originally reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192
Patch is attached in BZ 1227243: https://bugzilla.redhat.com/attachment.cgi?id=1042307
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1235671]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2015:1917 https://rhn.redhat.com/errata/RHSA-2015-1917.html