Vulnerabilities > CVE-2009-1364 - Remote Code Execution vulnerability in libwmf WMF Image File

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
francis-james-franklin
opensuse
nessus
NVD
Published: 2009-05-01
Updated: 2018-10-30

Summary

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

Vulnerable Configurations

Part Description Count
Application
Francis_James_Franklin
1
OS
Opensuse
2

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090430_LIBWMF_ON_SL4_X.NASL
    descriptionA pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) After installing the update, all applications using libwmf must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60578
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60578
    titleScientific Linux Security Update : libwmf on SL4.x, SL5.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1796.NASL
    descriptionTavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly the execute arbitrary code via applications using this library.
    last seen2020-06-01
    modified2020-06-02
    plugin id38704
    published2009-05-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38704
    titleDebian DSA-1796-1 : libwmf - pointer use-after-free
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBWMF-090423.NASL
    descriptionA specially crafted WMF files could crash libwmf. (CVE-2009-1364)
    last seen2020-06-01
    modified2020-06-02
    plugin id40052
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40052
    titleopenSUSE Security Update : libwmf (libwmf-821)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-106.NASL
    descriptionUse-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id38693
    published2009-05-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38693
    titleMandriva Linux Security Advisory : libwmf (MDVSA-2009:106-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5524.NASL
    descriptionCVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38936
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38936
    titleFedora 10 : libwmf-0.2.8.4-18.1.fc10 (2009-5524)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-769-1.NASL
    descriptionTavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38685
    published2009-05-05
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38685
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libwmf vulnerability (USN-769-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6A245F31425411DEB67A0030843D3802.NASL
    descriptionSecunia reports : A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. The vulnerability is caused due to a use-after-free error within the embedded GD library, which can be exploited to cause a crash or potentially to execute arbitrary code via a specially crafted WMF file.
    last seen2020-06-01
    modified2020-06-02
    plugin id38804
    published2009-05-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38804
    titleFreeBSD : libwmf -- embedded GD library Use-After-Free vulnerability (6a245f31-4254-11de-b67a-0030843d3802)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0457.NASL
    descriptionUpdated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the
    last seen2020-06-01
    modified2020-06-02
    plugin id38659
    published2009-05-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38659
    titleRHEL 4 / 5 : libwmf (RHSA-2009:0457)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0457.NASL
    descriptionUpdated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the
    last seen2020-06-01
    modified2020-06-02
    plugin id38900
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38900
    titleCentOS 4 / 5 : libwmf (CESA-2009:0457)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200907-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200907-01 (libwmf: User-assisted execution of arbitrary code) The embedded fork of the GD library introduced a
    last seen2020-06-01
    modified2020-06-02
    plugin id39595
    published2009-07-03
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39595
    titleGLSA-200907-01 : libwmf: User-assisted execution of arbitrary code
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBWMF-090512.NASL
    descriptionA specially crafted WMF files could crash libwmf. (CVE-2009-1364)
    last seen2020-06-01
    modified2020-06-02
    plugin id40273
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40273
    titleopenSUSE Security Update : libwmf (libwmf-821)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBWMF-6213.NASL
    descriptionA specially crafted WMF files could crash libwmf. (CVE-2009-1364)
    last seen2020-06-01
    modified2020-06-02
    plugin id51755
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51755
    titleSuSE 10 Security Update : libwmf (ZYPP Patch Number 6213)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5518.NASL
    descriptionCVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38934
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38934
    titleFedora 11 : libwmf-0.2.8.4-20.fc11 (2009-5518)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBWMF-090428.NASL
    descriptionA specially crafted WMF files could crash libwmf. (CVE-2009-1364)
    last seen2020-06-01
    modified2020-06-02
    plugin id41433
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41433
    titleSuSE 11 Security Update : libwmf (SAT Patch Number 822)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5517.NASL
    descriptionCVE-2009-1364 libwmf: embedded gd use-after-free error Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38933
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38933
    titleFedora 9 : libwmf-0.2.8.4-18.1.fc9 (2009-5517)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0457.NASL
    descriptionFrom Red Hat Security Advisory 2009:0457 : Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim. (CVE-2009-1364) Note: This flaw is specific to the GD graphics library embedded in libwmf. It does not affect the GD graphics library from the
    last seen2020-06-01
    modified2020-06-02
    plugin id67851
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67851
    titleOracle Linux 4 / 5 : libwmf (ELSA-2009-0457)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBWMF-6212.NASL
    descriptionA specially crafted WMF files could crash libwmf. (CVE-2009-1364)
    last seen2020-06-01
    modified2020-06-02
    plugin id38788
    published2009-05-15
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38788
    titleopenSUSE 10 Security Update : libwmf (libwmf-6212)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1484-1.NASL
    descriptionlibwmf was updated to fix five security issues. These security issues were fixed : - CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299) - CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109) - CVE-2015-4588: DecodeImage() did not check that the run-length
    last seen2020-06-01
    modified2020-06-02
    plugin id85796
    published2015-09-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85796
    titleSUSE SLED12 Security Update : libwmf (SUSE-SU-2015:1484-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-443.NASL
    descriptionlibwmf was updated to fix three security issues and one non-security bug. The following vulnerabilities were fixed : - CVE-2015-0848: An attacker that could trick a victim into opening a specially crafted WMF file with BMP portions in a libwmf based application could have executed arbitrary code with the user
    last seen2020-06-05
    modified2015-06-25
    plugin id84384
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84384
    titleopenSUSE Security Update : libwmf (openSUSE-2015-443)

Oval

accepted2013-04-29T04:10:16.812-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionUse-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
familyunix
idoval:org.mitre.oval:def:10959
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUse-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
version27

Redhat

advisories
bugzilla
id496864
titleCVE-2009-1364 libwmf: embedded gd use-after-free error
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibwmf-devel is earlier than 0:0.2.8.3-5.8
          ovaloval:com.redhat.rhsa:tst:20090457001
        • commentlibwmf-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060597004
      • AND
        • commentlibwmf is earlier than 0:0.2.8.3-5.8
          ovaloval:com.redhat.rhsa:tst:20090457003
        • commentlibwmf is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060597002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibwmf-devel is earlier than 0:0.2.8.4-10.2
          ovaloval:com.redhat.rhsa:tst:20090457006
        • commentlibwmf-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20090457007
      • AND
        • commentlibwmf is earlier than 0:0.2.8.4-10.2
          ovaloval:com.redhat.rhsa:tst:20090457008
        • commentlibwmf is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20090457009
rhsa
idRHSA-2009:0457
released2009-04-30
severityModerate
titleRHSA-2009:0457: libwmf security update (Moderate)
rpms
  • libwmf-0:0.2.8.3-5.8
  • libwmf-0:0.2.8.4-10.2
  • libwmf-debuginfo-0:0.2.8.3-5.8
  • libwmf-debuginfo-0:0.2.8.4-10.2
  • libwmf-devel-0:0.2.8.3-5.8
  • libwmf-devel-0:0.2.8.4-10.2

References