CVE-2015-4695Improper Restriction of Operations within the Bounds of a Memory Buffer in Libwmf

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 18.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wvware LibwmfDebian Libwmf
Timeline
PublishedJul 1
Latest updateMay 17

Description

meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/libwmf< libwmf 0.2.8.4-10.4 (bookworm)
Debianwvware/libwmf< 0.2.8.4-10.4+3
NVDwvware/libwmf0.2.8.4

🔴Vulnerability Details

2
GHSA
GHSA-rrgp-f769-h4h5: meta2022-05-17
OSV
CVE-2015-4695: meta2015-07-01

📋Vendor Advisories

3
Ubuntu
libwmf vulnerabilities2015-07-08
Red Hat
libwmf: heap buffer overread in meta.h2015-05-04
Debian
CVE-2015-4695: libwmf - meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (o...2015

💬Community

2
Bugzilla
CVE-2015-4696 CVE-2015-4695 libwmf: various flaws [fedora-all]2015-06-25
Bugzilla
CVE-2015-4695 libwmf: heap buffer overread in meta.h2015-06-25