Ubuntu update for libwmf



Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2015-0848
CVE-2015-4588
CVE-2015-4695
CVE-2015-4696
CWE-ID CWE-122
CWE-125
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU12349

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-0848

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted BMP image, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages

Ubuntu 15.04:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1
Ubuntu 14.10:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1
Ubuntu 12.04 LTS:
libwmf0.2-7 0.2.8.4-10ubuntu1.1

Vulnerable software versions

Ubuntu: 12.04 - 14.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-2670-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU12350

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-4588

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists  in the DecodeImage function due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted "run-length count" in an image in a WMF file, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages

Ubuntu 15.04:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1
Ubuntu 14.10:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1
Ubuntu 12.04 LTS:
libwmf0.2-7 0.2.8.4-10ubuntu1.1

Vulnerable software versions

Ubuntu: 12.04 - 14.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2670-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU12351

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-4695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the DecodeImage function due to out-of-bounds read. A remote attacker can trigger memory corruption and cause the service to crash via a specially crafted WMF file.

Mitigation

Update the affected packages

Ubuntu 15.04:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1
Ubuntu 14.10:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1
Ubuntu 12.04 LTS:
libwmf0.2-7 0.2.8.4-10ubuntu1.1

Vulnerable software versions

Ubuntu: 12.04 - 14.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2670-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU12352

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-4696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening a specially crafted WMF file to the (1) wmf2gd or (2) wmf2eps command, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 15.04:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1
Ubuntu 14.10:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1
Ubuntu 12.04 LTS:
libwmf0.2-7 0.2.8.4-10ubuntu1.1

Vulnerable software versions

Ubuntu: 12.04 - 14.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2670-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###