{"affected":[{"ecosystem_specific":{"binaries":[{"libwmf":"0.2.8.4-206.29.29.1","libwmf-32bit":"0.2.8.4-206.29.29.1","libwmf-devel":"0.2.8.4-206.29.29.1","libwmf-gnome":"0.2.8.4-206.29.29.1","libwmf-gnome-32bit":"0.2.8.4-206.29.29.1","libwmf-gnome-x86":"0.2.8.4-206.29.29.1","libwmf-x86":"0.2.8.4-206.29.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP3","name":"libwmf","purl":"pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8.4-206.29.29.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwmf":"0.2.8.4-206.29.29.1","libwmf-32bit":"0.2.8.4-206.29.29.1","libwmf-devel":"0.2.8.4-206.29.29.1","libwmf-gnome":"0.2.8.4-206.29.29.1","libwmf-gnome-32bit":"0.2.8.4-206.29.29.1","libwmf-gnome-x86":"0.2.8.4-206.29.29.1","libwmf-x86":"0.2.8.4-206.29.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"libwmf","purl":"pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8.4-206.29.29.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwmf":"0.2.8.4-206.29.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 11 SP3","name":"libwmf","purl":"pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8.4-206.29.29.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libwmf":"0.2.8.4-206.29.29.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 11 SP4","name":"libwmf","purl":"pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8.4-206.29.29.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"libwmf was updated to fix four security issues.\n\nThese security issues were fixed:\n- CVE-2015-4588: Heap-based buffer overflow in the DecodeImage function allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted 'run-length count' in an image in a WMF file (bsc#933109).\n- CVE-2015-0848: Heap-based buffer overflow allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image (bsc#933109).\n- CVE-2015-4696: Use-after-free vulnerability allowed remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command (bsc#936062).\n- CVE-2015-4695: meta.h allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file (bsc#936058).\n  ","id":"SUSE-SU-2015:1378-1","modified":"2015-07-09T22:43:13Z","published":"2015-07-09T22:43:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151378-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/831299"},{"type":"REPORT","url":"https://bugzilla.suse.com/933109"},{"type":"REPORT","url":"https://bugzilla.suse.com/936058"},{"type":"REPORT","url":"https://bugzilla.suse.com/936062"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4696"}],"related":["CVE-2015-0848","CVE-2015-4588","CVE-2015-4695","CVE-2015-4696"],"summary":"Security update for libwmf","upstream":["CVE-2015-0848","CVE-2015-4588","CVE-2015-4695","CVE-2015-4696"]}