CVE-2015-0848 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libwmf

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

4.7%

top 10.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wvware Libwmf Debian Libwmf Fedoraproject Fedora +1 more

Timeline

PublishedJul 1

Latest updateMay 14

Description

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/libwmf< libwmf 0.2.8.4-10.4 (bookworm)

▶Debianwvware/libwmf< 0.2.8.4-10.4+3

▶NVDwvware/libwmf0.2.8.4

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Fedora 21

🔴Vulnerability Details

GHSA

GHSA-8h7p-8xq5-x3gj: Heap-based buffer overflow in libwmf 0↗2022-05-14

▶

OSV

CVE-2015-0848: Heap-based buffer overflow in libwmf 0↗2015-07-01

▶

📋Vendor Advisories

Ubuntu

libwmf vulnerabilities↗2015-07-08

▶

Red Hat

libwmf: heap overflow when decoding BMP images↗2015-06-01

▶

Debian

CVE-2015-0848: libwmf - Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a ...↗2015

▶

💬Community

Bugzilla

CVE-2015-0848 libwmf: heap overflow when decoding BMP images [fedora-all]↗2015-06-02

▶

Bugzilla

CVE-2015-0848 libwmf: heap overflow when decoding BMP images↗2015-06-02

▶