CVE-2006-3376: Integer Overflow
First published: Thu Jul 06 2006(Updated: )
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wvware Wv2 | =0.2.3 | |
| Wvware Wv2 | =0.2.1 | |
| Wvware Libwmf | =0.2.8_.4 | |
| Wvware Wv2 | =0.2.2 | |
| debian/libwmf | 0.2.8.4-14 0.2.8.4-17 0.2.12-5.1 0.2.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/18751
- http://secunia.com/advisories/20921
- http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://securitytracker.com/id?1016518
- http://secunia.com/advisories/21064
- http://secunia.com/advisories/21261
- http://security.gentoo.org/glsa/glsa-200608-17.xml
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.ubuntu.com/usn/usn-333-1
- http://secunia.com/advisories/21473
- http://secunia.com/advisories/21419
- http://secunia.com/advisories/22311
- http://secunia.com/advisories/21459
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
- http://securityreason.com/securityalert/1190
- http://www.vupen.com/english/advisories/2006/2646
- https://www.debian.org/security/2006/dsa-1194
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
- http://www.securityfocus.com/archive/1/438803/100/0/threaded
- https://security-tracker.debian.org/tracker/CVE-2006-3376
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381538
- collector/nvd-historical
- collector/debian-bugs
- alias/CVE-2006-3376
- collector/nvd-index
- collector/security-tracker-debian
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/wvware
- canonical/wvware wv2
- version/wvware wv2/0.2.3
- version/wvware wv2/0.2.1
- canonical/wvware libwmf
- version/wvware libwmf/0.2.8_.4
- version/wvware wv2/0.2.2
- package-manager/debian