Name | Modified | Size | Downloads / Week |
---|---|---|---|
README | 2020-06-14 | 2.8 kB | |
libemf-1.0.13.tar.gz | 2020-06-14 | 1.3 MB | |
Totals: 2 Items | 1.3 MB | 5 |

Release note for libEMF version 1.0.13

This release fixes a security issue:

CVE-2020-13999
libEMF (aka ECMA-234 Metafile Library) through 1.0.12 is vulnerable to Integer overflow condition in libemf.cpp:ScaleviewportExtEx function leading to Denial of Service
VulnerabilityType : Integer Overflow
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.12
Attack Type : Local ( Remote if libEMF is used anywhere in the web pipeline for processing EMF files )
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

------------------------------------------------------------------------

Release note for libEMF version 1.0.12

This release fixes a number of security issues:

CVE-2020-11863
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
VulnerabilityType : Denial of service
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11864
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
VulnerabilityType : Denial of service
[Vendor of Product] : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact Denial of Service : true
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11865
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access
VulnerabilityType : Out of bounds memory access
[Vendor of Product] : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Information Disclosure
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11866
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free
VulnerabilityType: Use after free
Vendor of Product: https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Code execution
Has vendor confirmed or acknowledged the vulnerability? true

New in libEMF version 1.0

All of the poly* routines will now emit 16-bit records if the coordinates are all small enough (reduces the size of the metafile somewhat).

New in libEMF version 0.5

Support for reading an existing EMF file.

Support for PlayEnhMetaFile, to replay a collected metafile.

New in libEMF version 0.3

Support for writing EMF files on big-endian machines

Support of passing NULL as the initial EMF size.

libEMF now maintains more graphics state information.

Alpha Autoconf support