CVE-2015-4696 — Use After Free in Libwmf

CWE-416 — Use After Free9 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wvware Libwmf Debian Libwmf

Timeline

PublishedJul 1

Latest updateMay 17

Description

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/libwmf< libwmf 0.2.8.4-10.4 (bookworm)

▶Debianwvware/libwmf< 0.2.8.4-10.4+3

▶NVDwvware/libwmf0.2.8.4

🔴Vulnerability Details

GHSA

GHSA-4c7m-gh7v-c837: Use-after-free vulnerability in libwmf 0↗2022-05-17

▶

OSV

CVE-2015-4696: Use-after-free vulnerability in libwmf 0↗2015-07-01

▶

📋Vendor Advisories

Ubuntu

libwmf vulnerabilities↗2015-07-08

▶

Red Hat

libwmf: use-after-free flaw in meta.h↗2015-05-03

▶

Debian

CVE-2015-4696: libwmf - Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause ...↗2015

▶

💬Community

Bugzilla

CVE-2015-4696 libwmf: use-after-free flaw in meta.h↗2015-06-25

▶

Bugzilla

CVE-2015-4696 CVE-2015-4695 libwmf: various flaws [fedora-all]↗2015-06-25

▶

Bugzilla

CVE-2015-0848 libwmf: heap overflow when decoding BMP images↗2015-06-02

▶