CVE-2009-1364: Use After Free
First published: Tue Apr 21 2009(Updated: )
Tavis Ormandy reported a use-after-free error affecing liwmf library. Flaw exists in gdClipSetAdd in src/extra/gd/gd_clip.c. 69 if (im->clip->count == im->clip->max) 70 { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); 71 if (more == 0) return; 72 im->clip->max += 8; 73 } more returned by gdRealloc (wrapper around standard realloc) is not assigned to im->clip->list as it should, im->clip->list may point to memory no longer used or allocated to something else. Acknowledgements: Red Hat would like to thank Tavis Ormandy of the Google Security Team for responsibly reporting this flaw.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libwmf | =0.2.8.4 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=496864
- https://launchpad.net/bugs/cve/2009-1364
- http://rhn.redhat.com/errata/RHSA-2009-0457.html
- http://www.securityfocus.com/bid/34792
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
- http://www.ubuntu.com/usn/USN-769-1
- http://secunia.com/advisories/34964
- http://secunia.com/advisories/35001
- http://www.vupen.com/english/advisories/2009/1228
- http://www.debian.org/security/2009/dsa-1796
- http://www.securitytracker.com/id?1022154
- http://secunia.com/advisories/34901
- http://secunia.com/advisories/35025
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html
- http://secunia.com/advisories/35190
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://secunia.com/advisories/35416
- http://security.gentoo.org/glsa/glsa-200907-01.xml
- http://secunia.com/advisories/35686
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
- http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50290
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959
- http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/gd/gd_clip.c?hideattic=0&view=log
- https://rhn.redhat.com/errata/RHSA-2009-0457.html
- http://admin.fedoraproject.org/updates/libwmf-0.2.8.4-18.1.fc9
- http://admin.fedoraproject.org/updates/libwmf-0.2.8.4-18.1.fc10
- http://admin.fedoraproject.org/updates/libwmf-0.2.8.4-20.fc11
- http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log
Frequently Asked Questions
What is the severity of CVE-2009-1364?
CVE-2009-1364 is considered to have moderate severity due to the potential for use-after-free vulnerabilities in the libwmf library.
How do I fix CVE-2009-1364?
To fix CVE-2009-1364, upgrade the libwmf library to version 0.2.8.5 or later.
Which software is affected by CVE-2009-1364?
CVE-2009-1364 affects libwmf version 0.2.8.4 and specific versions of openSUSE 13.1 and 13.2.
What type of vulnerability is CVE-2009-1364?
CVE-2009-1364 is a use-after-free vulnerability that could lead to application crashes or potentially code execution.
Who reported the CVE-2009-1364 vulnerability?
The CVE-2009-1364 vulnerability was reported by security researcher Tavis Ormandy.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/launchpad-cve
- source/Launchpad
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1364
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/francis james franklin
- canonical/libwmf
- version/libwmf/0.2.8.4
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- version/suse linux/13.2