Martin Pitt <[EMAIL PROTECTED]> writes:

> libwmf contains an ancient (2001!) copy of libgd2, which is vulnerable
> against CVE-2004-0941, CVE-2004-0990 (integer overflows which can be
> exploited for arbitrary code execution with crafted PNGs) and
> CVE-2006-2906 (DoS with crafted GIFs).
>
> I did not verify whether these can be exploited through libwmf,
> therefore I did not set this to 'grave'. However, this should be fixed
> just to be on the safe side. Original libgd2 patches:
>
> http://people.ubuntu.com/patches/libgd2.CVE-2004-0941_0990.diff
> http://people.ubuntu.com/patches/libgd2.CVE-2006-2906.diff

AFAIK, libgd is used to write images rather than read them, so at least
CVE-2004-0990 and CVE-2006-2906 shouldn't be an issue. I'm working
through the code...

> The best solution would be to build against the system libgd2 and
> ignore the code copy completely. This avoids code copies (which are
> *VERY* *VERY* hard to find), and thus such vulnerabilities, at all.

Unfortunately, libwmf requires a patched libgd with additional
functionality for clipping. :-(

Thanks,
Matej

