libwmf: Multiple vulnerabilities — GLSA 201602-03

Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected packages

media-libs/libwmf on all architectures
Affected versions < 0.2.8.4-r6
Unaffected versions >= 0.2.8.4-r6

Background

libwmf is a library for converting WMF files.

Description

Multiple vulnerabilities have been discovered in libwmf. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause Denial of Service.

Workaround

There is no known work around at this time.

Resolution

All libwmf users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r6"
 

References

Release date
February 27, 2016

Latest revision
February 27, 2016: 3

Severity
normal

Exploitable
remote

Bugzilla entries