CVE-2006-3376: arbitrary code execution in libwmf

Related Vulnerabilities: CVE-2006-3376  

Debian Bug report logs - #381538

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sat, 5 Aug 2006 09:33:01 UTC

Severity: grave

Tags: security

Found in version libwmf/0.2.8.4-1

Fixed in version libwmf/0.2.8.4-2

Done: Matej Vela <vela@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Matej Vela <vela@debian.org>:
Bug#381538; Package libwmf0.2-7.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Matej Vela <vela@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-3376: arbitrary code execution in libwmf
Date: Sat, 05 Aug 2006 11:07:39 +0200
Package: libwmf0.2-7
Version: 0.2.8.4-1
Severity: grave
Tags: security
Justification: user security hole


CVE-2006-3376 reads:
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple
products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5)
libgsf, and (6) imagemagick allows remote attackers to execute
arbitrary code via the MaxRecordSize header field in a WMF file.

Please mention the CVE-id in the changelog.
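
The bug class named in the CVE text above, as an added example that is not part of the original report and is not libwmf's `player.c` code: a 32-bit word count read from a file header is doubled to get a byte count, first unchecked and then with a bounds check. The header layout is assumed from the WMF META_HEADER record, and all function names and the sample header are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed 18-byte header, not from a real file. Layout assumed from the
 * WMF META_HEADER record; MaxRecord is a count of 16-bit words. */
static const uint8_t sample_header[18] = {
    0x01, 0x00,             /* Type */
    0x09, 0x00,             /* HeaderSize (words) */
    0x00, 0x03,             /* Version */
    0x00, 0x00, 0x00, 0x00, /* Size */
    0x00, 0x00,             /* NumberOfObjects */
    0x01, 0x00, 0x00, 0x80, /* MaxRecord = 0x80000001 */
    0x00, 0x00              /* NumberOfMembers */
};

/* Read the 32-bit little-endian MaxRecord field at offset 12. */
static uint32_t read_max_record(const uint8_t *hdr)
{
    return (uint32_t)hdr[12] | ((uint32_t)hdr[13] << 8) |
           ((uint32_t)hdr[14] << 16) | ((uint32_t)hdr[15] << 24);
}

/* Unchecked: the 32-bit multiply wraps modulo 2^32, so a huge word count
 * yields a tiny byte count that a later copy would overrun. */
static uint32_t record_bytes_unchecked(uint32_t max_record_words)
{
    return max_record_words * 2u;
}

/* Checked: returns 0 and stores the byte count, or -1 to reject the file. */
static int record_bytes_checked(uint32_t max_record_words, size_t file_len,
                                size_t *out)
{
    if (max_record_words == 0 || max_record_words > UINT32_MAX / 2u)
        return -1;                      /* empty, or the multiply would wrap */
    uint64_t bytes = (uint64_t)max_record_words * 2u;
    if (bytes > file_len)
        return -1;                      /* no record can exceed the file */
    *out = (size_t)bytes;
    return 0;
}

/* Convenience wrapper: 1 if the constructed header above is rejected. */
static int sample_is_rejected(void)
{
    size_t n = 0;
    return record_bytes_checked(read_max_record(sample_header),
                                sizeof sample_header, &n) != 0;
}
```

The comparison against the file length is an extra sanity bound chosen for this example; the overflow guard alone is the `UINT32_MAX / 2u` test.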



Reply sent to Matej Vela <vela@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #10 received at 381538-close@bugs.debian.org:

From: Matej Vela <vela@debian.org>
To: 381538-close@bugs.debian.org
Subject: Bug#381538: fixed in libwmf 0.2.8.4-2
Date: Sat, 05 Aug 2006 03:32:10 -0700
Source: libwmf
Source-Version: 0.2.8.4-2

We believe that the bug you reported is fixed in the latest version of
libwmf, which is due to be installed in the Debian FTP archive:

libwmf-bin_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf-bin_0.2.8.4-2_i386.deb
libwmf-dev_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf-dev_0.2.8.4-2_i386.deb
libwmf-doc_0.2.8.4-2_all.deb
  to pool/main/libw/libwmf/libwmf-doc_0.2.8.4-2_all.deb
libwmf0.2-7_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2_i386.deb
libwmf_0.2.8.4-2.diff.gz
  to pool/main/libw/libwmf/libwmf_0.2.8.4-2.diff.gz
libwmf_0.2.8.4-2.dsc
  to pool/main/libw/libwmf/libwmf_0.2.8.4-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 381538@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matej Vela <vela@debian.org> (supplier of updated libwmf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  5 Aug 2006 12:15:57 +0200
Source: libwmf
Binary: libwmf-dev libwmf-bin libwmf-doc libwmf0.2-7
Architecture: source all i386
Version: 0.2.8.4-2
Distribution: unstable
Urgency: high
Maintainer: Matej Vela <vela@debian.org>
Changed-By: Matej Vela <vela@debian.org>
Description: 
 libwmf-bin - Windows metafile conversion tools
 libwmf-dev - Windows metafile conversion development
 libwmf-doc - Windows metafile documentation
 libwmf0.2-7 - Windows metafile conversion library
Closes: 381538
Changes: 
 libwmf (0.2.8.4-2) unstable; urgency=high
 .
   * src/player.c: Fix integer overflow vulnerability.  [CVE-2006-3376]
     Closes: #381538.
Files: 
 8b795932cc57c5eaf1027958b80964ae 757 libs optional libwmf_0.2.8.4-2.dsc
 a298170778683e60a72ba8e71b902561 7343 libs optional libwmf_0.2.8.4-2.diff.gz
 10b916fc49e8643d1b955654f7d46b07 173646 libs optional libwmf0.2-7_0.2.8.4-2_i386.deb
 ff4ba47be59bd766fd2488dcae47cdad 16894 graphics optional libwmf-bin_0.2.8.4-2_i386.deb
 900ba8750702ed0e3c01829fb64a9a7c 193082 libdevel optional libwmf-dev_0.2.8.4-2_i386.deb
 5d9567a792f67a0c1b5b1cc382ac1af8 271704 doc optional libwmf-doc_0.2.8.4-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE1HFAxBYivKllgY8RAikqAJwKehRBGqZVrarqRLXexlUUULk1YACfexdk
vxlMh8dA3VUlTSyfwMblC04=
=3zYn
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 06:58:32 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:34:43 2019; Machine Name: beach
