CVE-2015-4588Improper Restriction of Operations within the Bounds of a Memory Buffer in Libwmf

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
5.7%
top 9.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Wvware LibwmfDebian LibwmfFedoraproject Fedora+1 more
Timeline
PublishedJul 1
Latest updateMay 14

Description

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

debiandebian/libwmf< libwmf 0.2.8.4-10.4 (bookworm)
Debianwvware/libwmf< 0.2.8.4-10.4+3
NVDwvware/libwmf0.2.8.4
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Fedora 21

🔴Vulnerability Details

2
GHSA
GHSA-v3qj-6mjm-fxx7: Heap-based buffer overflow in the DecodeImage function in libwmf 02022-05-14
OSV
CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function in libwmf 02015-07-01

📋Vendor Advisories

3
Ubuntu
libwmf vulnerabilities2015-07-08
Red Hat
libwmf: heap overflow within the RLE decoding of embedded BMP images2015-06-01
Debian
CVE-2015-4588: libwmf - Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows ...2015

💬Community

2
Bugzilla
CVE-2015-4588 libwmf: heap overflow within the RLE decoding of embedded BMP images2015-10-19
Bugzilla
CVE-2015-0848 libwmf: heap overflow when decoding BMP images2015-06-02