A libwmf update has been released for Debian 6 LTS
Package : libwmf
Version : 0.2.8.4-6.2+deb6u1
CVE ID : CVE-2015-0848 CVE-2015-4588
Debian Bug : #787644
The following vulnerabilities were discovered in the Windows Metafile
conversion library when reading BMP images embedded into WMF files:
CVE-2015-0848
A heap overflow when decoding embedded BMP images that don't use 8 bits per
pixel.
CVE-2015-4588
A missing check in the RLE decoding of embedded BMP images.
We recommend that you update your libwmf packages.