Vulnerability in libwmf graphics library
A critical vulnerability in the open source library libwmf has caused Linux distributors Red Hat and Canonical (Ubuntu), to publish updated packages. Libwmf is used to process Windows Metafile Format (WMF) images and is used by applications such as GIMP and ImageMagick.
The cause of the problem is a "use-after-free" error in the function gdClipSetAdd
in src/extra/gd/gd_clip.c
in the GD graphics library embedded in the libwmf library. According to the reports, this could allow the execution of code hidden in images. The standalone GD library is not affected by the problem.
See also:
- libwmf security update, Red Hat report.
- libwmf vulnerability, Ubuntu report.
(djwm)