Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-17] libwmf: Buffer overflow vulnerability Vulnerability Scan
Vulnerability Scan Summary
libwmf: Buffer overflow vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-17
(libwmf: Buffer overflow vulnerability)
infamous41md discovered that libwmf fails to do proper bounds checking
on the MaxRecordSize variable in the WMF file header. This could lead
to an head-based buffer overflow.
By enticing a user to open a specially crafted WMF file, a remote
attacker could cause a heap-based buffer overflow and execute arbitrary
code with the permissions of the user running the application that uses
There is no known workaround for this issue.
All libwmf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.