ECMA-234 Metafile Library / News: Recent posts

Another security issue was patched in this release.

CVE-2020-13999

libEMF (aka ECMA-234 Metafile Library) through 1.0.12 is vulnerable to
Integer overflow condition in libemf.cpp:ScaleviewportExtEx function
leading to Denial of Service
VulnerabilityType : Integer Overflow
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.12
Attack Type : Local ( Remote if libEMF is used anywhere in the web
pipeline for processing EMF files )
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true

This is a re-release of libEMF-1.0.12. The NEWS file is updated to include the CVEs resolved in this release:

CVE-2020-11863
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
VulnerabilityType : Denial of service
Vendor of Product : https://packages.debian.org/source/sid/libemf
Affected Product Code Base : libemf - <=1.0.11
Attack Type : Local
Impact: Denial of Service
Has vendor confirmed or acknowledged the vulnerability? true... read more

Another decade, another release of libEMF. This time thanks go to Michael Shigorin for patches for the AARCH64 and E2K architectures. Also, many thanks to Chintan Shah at McAfee for pointing out several bugs in the code when handed malformed EMF files.

There are updates to the source to use a (slightly) more modern style of C++. You will need a C++11 compiler to build it now.

This is going to be the last release which supports the autotools build system. I've added preliminary CMake support. But the next go 'round will be all CMake. If you are responible for packaging libEMF for distribution, please send me any CMake settings you'd like to see in the CPack configuration.... read more

Thanks to Hanspeter Niederstrasser and Daniel Bermond for reporting an issue with parallel "make check". Also qflb.wu reported a seg-fault when reading a corrupted EMF file. Hopefully, both of these issues are fixed in 1.0.11.

Thanks to Guillaume Horel for pointing out that the "make install" command altered the name of the include subdirectory from libEMF to libemf, rendering the installation useless.

libEMF-1.0.8 is released. A few notes:

• Thanks to Bill Crocker ExtTextOutW is now implemented. Note that the function call expects a pointer to a UTF-16 string, not a wchar_t string.
• The autoconf infrastructure is updated. It may or may not have been an improvement.
• I have tried to disable the mailing list but it is hard to tell how successful that was though. I would delete it altogether if I could. It seems to attract nothing but spam and worse. If you have a question, please contact one of the developers directly.

Thanks to Stanislav Ochotnicky, libEMF now has support for a number of more obscure architectures, namely ARM, S390 and Alpha. He also improved the 32-/64-bit macros in the wine headers. Thanks Stanislav!

Well, that was quick. In spite of taking a float as the API argument, the metafile contains an integer. So, 1.0.6.

This release adds support for the SetMiterLimit API record. But mostly this is to refresh my knowledge of SourceForge. It's changed a lot in the last 10 years.

Years later libEMF is updated to work with GCC 4.

Version 1.0 of libEMF is available. The main changes are the ability to generate EMFs on big endian machines and the ability to read EMFs from disk (and replay them into a new context).