CVE-2009-1364

Severity

75%

Complexity

99%

Confidentiality

106%

CWE-416: Use After Free

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

CWE-416: Use After Free

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenSUSE

First reported 15 years ago

2009-05-01 17:30:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

References

SUSE-SR:2009:011

openSUSE-SU-2015:1132

openSUSE-SU-2015:1134

RHSA-2009:0457

34901

34964

35001

35025

35190

35416

35686

GLSA-200907-01

http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log

DSA-1796

MDVSA-2009:106

34792

1022154

USN-769-1

ADV-2009-1228

https://bugzilla.redhat.com/show_bug.cgi?id=496864

libwmf-gdlibrary-code-execution(50290)

https://launchpad.net/bugs/cve/2009-1364

oval:org.mitre.oval:def:10959

FEDORA-2009-5518

FEDORA-2009-5524

FEDORA-2009-5517

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.