USN-769-1 -- libwmf vulnerability
|ID: oval:org.secpod.oval:def:700422||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.