Vulnerability Details : CVE-2009-1364
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2009-1364
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:francis_james_franklin:libwmf:0.2.8.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1364
3.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1364
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2009-1364
-
http://secunia.com/advisories/35001
About Secunia Research | Flexera
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
openSUSE-SU-2015:1132-1: moderate: Security update for libwmf
-
http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log
CVS Info for project wvware
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html
[SECURITY] Fedora 9 Update: libwmf-0.2.8.4-18.1.fc9
-
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/50290
libwmf embedded GD library code execution CVE-2009-1364 Vulnerability Report
-
http://secunia.com/advisories/35686
About Secunia Research | Flexera
-
http://www.securitytracker.com/id?1022154
Access Denied
-
http://rhn.redhat.com/errata/RHSA-2009-0457.html
RHSA-2009:0457 - Security Advisory - Red Hat Customer Portal
-
http://secunia.com/advisories/35025
About Secunia Research | Flexera
-
https://bugzilla.redhat.com/show_bug.cgi?id=496864
496864 – (CVE-2009-1364) CVE-2009-1364 libwmf: embedded gd use-after-free error
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
Mandriva
-
http://www.vupen.com/english/advisories/2009/1228
Site en construction
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html
[SECURITY] Fedora 11 Update: libwmf-0.2.8.4-20.fc11
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html
[SECURITY] Fedora 10 Update: libwmf-0.2.8.4-18.1.fc10
-
http://secunia.com/advisories/35190
About Secunia Research | Flexera
-
http://www.ubuntu.com/usn/USN-769-1
USN-769-1: libwmf vulnerability | Ubuntu security notices | Ubuntu
-
http://secunia.com/advisories/34901
About Secunia Research | Flexera
-
http://security.gentoo.org/glsa/glsa-200907-01.xml
libwmf: User-assisted execution of arbitrary code (GLSA 200907-01) — Gentoo security
-
http://secunia.com/advisories/35416
About Secunia Research | Flexera
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959
404 Not Found
-
https://launchpad.net/bugs/cve/2009-1364
CVE-2009-1364
-
http://www.securityfocus.com/bid/34792
-
http://secunia.com/advisories/34964
About Secunia Research | Flexera
-
http://www.debian.org/security/2009/dsa-1796
[SECURITY] [DSA 1796-1] New libwmf packages fix denial of service
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
openSUSE-SU-2015:1134-1: moderate: Security update for libwmf
Jump to