Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote malicious users to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wvware wv2 0.2.2 |
||
wvware wv2 0.2.3 |
||
wvware libwmf 0.2.8_.4 |
||
wvware wv2 0.2.1 |