CVE-2015-4588

2015-07-0114:59:10

CWE-119

mitre

web.nvd.nist.gov

cve

2015

4588

libwmf

buffer overflow

denial of service

remote attack

code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.034

Percentile

91.5%

JSON

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted “run-length count” in an image in a WMF file.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

wvwarelibwmfMatch0.2.8.4

Node

fedoraprojectfedoraMatch21

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
wvwarelibwmf0.2.8.4cpe:2.3:a:wvware:libwmf:0.2.8.4:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
wvware	libwmf	0.2.8.4	cpe:2.3:a:wvware:libwmf:0.2.8.4:::::::*
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*