Package name
libwmf
Date
2007-02-06
Advisory ID
MDKSA-2007:036
Affected versions
CS4.0 x86_64 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font.

Libwmf uses an embedded copy of the gd source and may also be affected
by this issue.

Packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 32bf6a4902c45c2d18de1a025f6cadcc  corporate/4.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
 db7d2b330c682d23bff9dd852bd6a7ef  corporate/4.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
 ffb6e68cde364f02cf11f15889fca672  corporate/4.0/x86_64/libwmf-0.2.8.3-6.4.20060mlcs4.x86_64.rpm 
 5a04c278fdcb28320aac0cc08e802f14  corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

2006.0 i586

 e20256e67b230fb391ecc25b462eeab2  2006.0/i586/libwmf-0.2.8.3-6.4.20060mdk.i586.rpm
 d0d0c26789f2e17e5b86cf4ecb4e0f38  2006.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mdk.i586.rpm
 ed27e474fc154203677111795fbb8d55  2006.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mdk.i586.rpm 
 1e51660d73213b67ba80967c945d0d49  2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

2007.0 x86_64

 9b6632e5918d5984abc3cdc1c3659e47  2007.0/x86_64/lib64wmf0.2_7-0.2.8.4-6.1mdv2007.0.x86_64.rpm
 476cae147f1eefc4cff0d328cc235cfb  2007.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.x86_64.rpm
 b16363e12139fc6786d22a6cfc549bab  2007.0/x86_64/libwmf-0.2.8.4-6.1mdv2007.0.x86_64.rpm 
 b6fc7246891a9635e260061666f8d1bc  2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

2007.0 i586

 6ddcf6fa9d07430b6506c6e539750490  2007.0/i586/libwmf-0.2.8.4-6.1mdv2007.0.i586.rpm
 bca845804d4da48c5945a558d88991ba  2007.0/i586/libwmf0.2_7-0.2.8.4-6.1mdv2007.0.i586.rpm
 e88b4e66f7ba43445578922a77c0af0a  2007.0/i586/libwmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.i586.rpm 
 b6fc7246891a9635e260061666f8d1bc  2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

CS3.0 x86_64

 ef2f38e688ac821550a8cef7e5ccc48e  corporate/3.0/x86_64/lib64wmf0.2_7-0.2.8-6.4.C30mdk.x86_64.rpm
 440c29e0dac1fd3e980c270e18f53f0f  corporate/3.0/x86_64/lib64wmf0.2_7-devel-0.2.8-6.4.C30mdk.x86_64.rpm
 3125547bd6cdc7eb6fde1a768d9ce771  corporate/3.0/x86_64/libwmf-0.2.8-6.4.C30mdk.x86_64.rpm 
 e390b914857d4d67bdb2ef45545a82fd  corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

CS4.0 i586

 01ea7b987e96e79f3246cec473e44415  corporate/4.0/i586/libwmf-0.2.8.3-6.4.20060mlcs4.i586.rpm
 82a459c50db3e1042eb489d13c036871  corporate/4.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mlcs4.i586.rpm
 aef7018051548a36066c65ef59de1571  corporate/4.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.i586.rpm 
 5a04c278fdcb28320aac0cc08e802f14  corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

CS3.0 i586

 8ab58c9932da307fc45301d4c43952d0  corporate/3.0/i586/libwmf-0.2.8-6.4.C30mdk.i586.rpm
 8e7d0ab58e3c307b6bb723545d378d1d  corporate/3.0/i586/libwmf0.2_7-0.2.8-6.4.C30mdk.i586.rpm
 c82ea507536b900652218a7ab9d3d69c  corporate/3.0/i586/libwmf0.2_7-devel-0.2.8-6.4.C30mdk.i586.rpm 
 e390b914857d4d67bdb2ef45545a82fd  corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

2006.0 x86_64

 d2fbbdf43ce91c6d347e381be6b81d74  2006.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mdk.x86_64.rpm
 c4f2e16dd585c2d3d3418e965baf4f7f  2006.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mdk.x86_64.rpm
 ec618bd5ddaf3abf11736ba6f7bb312e  2006.0/x86_64/libwmf-0.2.8.3-6.4.20060mdk.x86_64.rpm 
 1e51660d73213b67ba80967c945d0d49  2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

References