CVE-2009-1364 — Use After Free in Libwmf

CWE-416 — Use After Free8 documents7 sources

Severity

7.5HIGHNVD

EPSS

3.1%

top 13.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wvware Libwmf Debian Libwmf Francis James Franklin Libwmf +1 more

Timeline

PublishedMay 1

Latest updateMay 2

Description

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/libwmf< libwmf 0.2.8.4-6.1 (bookworm)

▶Debianwvware/libwmf< 0.2.8.4-6.1+3

▶NVDfrancis_james_franklin/libwmf0.2.8.4

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-6h8h-vx9v-4g94: Use-after-free vulnerability in the embedded GD library in libwmf 0↗2022-05-02

▶

OSV

CVE-2009-1364: Use-after-free vulnerability in the embedded GD library in libwmf 0↗2009-05-01

▶

📋Vendor Advisories

Ubuntu

libwmf vulnerability↗2009-05-04

▶

Red Hat

libwmf: embedded gd use-after-free error↗2009-04-27

▶

Debian

CVE-2009-1364: libwmf - Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows...↗2009

▶

💬Community

Bugzilla

CVE-2009-1364 libwmf: embedded gd use-after-free error↗2009-05-26

▶

Bugzilla

CVE-2009-1364 libwmf: embedded gd use-after-free error↗2009-04-21

▶