File: NEWS

Package: libemf 1.0.13-2 (area: main; in suites: bullseye, sid)

Release note for libEMF version 1.0.13

This release fixes a security issue:

CVE-2020-13999

libEMF (aka ECMA-234 Metafile Library) through 1.0.12 is vulnerable to
an integer overflow in the libemf.cpp:ScaleViewportExtEx function,
leading to denial of service.
VulnerabilityType : Integer Overflow
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.12
Attack Type : Local (Remote if libEMF is used anywhere in the web
pipeline for processing EMF files)
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

------------------------------------------------------------------------

Release note for libEMF version 1.0.12

This release fixes a number of security issues:

CVE-2020-11863

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of
service (issue 1 of 2).
VulnerabilityType : Denial of service
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11864

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of
service (issue 2 of 2).
VulnerabilityType : Denial of service
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11865

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows
out-of-bounds memory access.
VulnerabilityType : Out of bounds memory access
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Information Disclosure
Has vendor confirmed or acknowledged the vulnerability? true

CVE-2020-11866

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a
use-after-free.
VulnerabilityType : Use after free
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Code execution
Has vendor confirmed or acknowledged the vulnerability? true

New in libEMF version 1.0

	All of the poly* routines will now emit 16-bit records if
	the coordinates are all small enough (reduces the size of
	the metafile somewhat).

New in libEMF version 0.5

	Support for reading an existing EMF file.
	Support for PlayEnhMetaFile, to replay a collected metafile.

New in libEMF version 0.3

	Support for writing EMF files on big-endian machines
	Support for passing NULL as the initial EMF size. libEMF now
	maintains more graphics state information.
	Alpha Autoconf support