Published: 06/07/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote malicious users to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wvware wv2 0.2.2
wvware wv2 0.2.3
wvware libwmf 0.2.8_.4
wvware wv2 0.2.1

Debian Bug report logs - #381538 CVE-2006-3376: arbitrary code execution in libwmf Package: libwmf02-7; Maintainer for libwmf02-7 is Debian QA Group <packages@qadebianorg>; Source for libwmf02-7 is src:libwmf (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 5 Aug 2006 09:33:01 UTC ...

An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user’s privileges ...

Integer overflow in playerc in libwmf 0284, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file ...

NVD-CWE-Other http://www.securityfocus.com/bid/18751 http://secunia.com/advisories/20921 http://rhn.redhat.com/errata/RHSA-2006-0597.html http://securitytracker.com/id?1016518 http://secunia.com/advisories/21064 http://secunia.com/advisories/21261 http://security.gentoo.org/glsa/glsa-200608-17.xml http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.ubuntu.com/usn/usn-333-1 http://secunia.com/advisories/21473 http://secunia.com/advisories/21419 http://secunia.com/advisories/22311 http://secunia.com/advisories/21459 http://www.mandriva.com/security/advisories?name=MDKSA-2006:132 http://securityreason.com/securityalert/1190 http://www.vupen.com/english/advisories/2006/2646 https://www.debian.org/security/2006/dsa-1194 https://exchange.xforce.ibmcloud.com/vulnerabilities/27516 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262 http://www.securityfocus.com/archive/1/438803/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381538 https://usn.ubuntu.com/333-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-3376

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect