CVE-2015-4696 - OpenCVE

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wvware	Libwmf

Configuration 1 [-]

cpe:2.3:a:wvware:libwmf:0.2.8.4:*:*:*:*:*:*:*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html
http://rhn.redhat.com/errata/RHSA-2015-1917.html
http://www.debian.org/security/2015/dsa-3302
http://www.openwall.com/lists/oss-security/2015/06/17/3
http://www.openwall.com/lists/oss-security/2015/06/21/3
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/75331
http://www.securitytracker.com/id/1032771
http://www.ubuntu.com/usn/USN-2670-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192	Exploit
https://security.gentoo.org/glsa/201602-03

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-07-01T14:00:00

Updated: 2017-09-21T09:57:01

Reserved: 2015-06-19T00:00:00

Link: CVE-2015-4696

JSON object: View

NVD Information

Status : Modified

Published: 2015-07-01T14:59:13.347

Modified: 2017-09-22T01:29:18.967

Link: CVE-2015-4696

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-21T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3302", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3302"}, {"name": "GLSA-201602-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-03"}, {"name": "75331", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75331"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "USN-2670-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2670-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192"}, {"name": "FEDORA-2015-10601", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html"}, {"name": "[oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/21/3"}, {"name": "1032771", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032771"}, {"name": "openSUSE-SU-2015:1212", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html"}, {"name": "RHSA-2015:1917", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1917.html"}, {"name": "[oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/17/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3302", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3302"}, {"name": "GLSA-201602-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201602-03"}, {"name": "75331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75331"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "USN-2670-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2670-1"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192"}, {"name": "FEDORA-2015-10601", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html"}, {"name": "[oss-security] 20150621 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/21/3"}, {"name": "1032771", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032771"}, {"name": "openSUSE-SU-2015:1212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html"}, {"name": "RHSA-2015:1917", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1917.html"}, {"name": "[oss-security] 20150617 Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/17/3"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4696", "datePublished": "2015-07-01T14:00:00", "dateReserved": "2015-06-19T00:00:00", "dateUpdated": "2017-09-21T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wvware:libwmf:0.2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5D818A7-3AA5-487C-84D1-D1A627DF899D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en libwmf 0.2.8.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un fichero WMF manipulado en el comando (1) wmf2gd o (2) wmf2eps."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2015-4696", "lastModified": "2017-09-22T01:29:18.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-01T14:59:13.347", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162569.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1917.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3302"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/06/17/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/06/21/3"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/75331"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032771"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2670-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201602-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}