PT-2009-1069 · Libwmf+4 · Libwmf+5

Tavis Ormandy · Published 2009-04-30 · Updated 2025-09-03 · CVE-2009-1364

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libwmf versions 0.2.8.3 through 0.2.8.4
libwmf-devel versions 0.2.8.3 through 0.2.8.4

Description

The issue is related to a use-after-free vulnerability in the embedded GD library in libwmf, which allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. This vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations

For libwmf versions 0.2.8.3 through 0.2.8.4, update to a version that contains a fix for this vulnerability.
For libwmf-devel versions 0.2.8.3 through 0.2.8.4, update to a version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of libwmf and libwmf-devel until a patch is available.

Fix

Related Identifiers

ALT-PU-2025-10401
ALT-PU-2025-11012
BDU:2015-07399
BDU:2015-07400
BDU:2015-07401
BDU:2015-07402
BDU:2015-08513
BDU:2015-08514
BDU:2015-08515
BDU:2015-08516
CVE-2009-1364
DSA-1796-1
RHSA-2009:0457
RHSA-2009_0457
SUSE-SU-2015:1484-1
SUSE-SU-2015_1484-1

Affected Products

ALT Linux
GD Library
Red Hat
SUSE
libwmf
libwmf-devel