Debian 10163 Published by

A libwmf update has been released for Debian 6 LTS



Package : libwmf
Version : 0.2.8.4-6.2+deb6u1
CVE ID : CVE-2015-0848 CVE-2015-4588
Debian Bug : #787644

The following vulnerabilities were discovered in the Windows Metafile
conversion library when reading BMP images embedded into WMF files:

CVE-2015-0848

A heap overflow when decoding embedded BMP images that don't use 8 bits per
pixel.

CVE-2015-4588

A missing check in the RLE decoding of embedded BMP images.

We recommend that you update your libwmf packages.