In association with heise online

05 May 2009, 10:32

Vulnerability in libwmf graphics library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A critical vulnerability in the open source library libwmf has caused Linux distributors Red Hat and Canonical (Ubuntu), to publish updated packages. Libwmf is used to process Windows Metafile Format (WMF) images and is used by applications such as GIMP and ImageMagick.

The cause of the problem is a "use-after-free" error in the function gdClipSetAdd in src/extra/gd/gd_clip.c in the GD graphics library embedded in the libwmf library. According to the reports, this could allow the execution of code hidden in images. The standalone GD library is not affected by the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit