ID |
CVE-2006-3376
|
Summary |
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 18-10-2018 - 16:47) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:04:08.315-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
| description | Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | family | unix | id | oval:org.mitre.oval:def:10262 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | version | 29 |
|
redhat
via4
|
advisories | bugzilla | id | 1618139 | title | CVE-2006-3376 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | libwmf is earlier than 0:0.2.8.3-5.3 | oval | oval:com.redhat.rhsa:tst:20060597001 |
comment | libwmf is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060597002 |
|
AND | comment | libwmf-devel is earlier than 0:0.2.8.3-5.3 | oval | oval:com.redhat.rhsa:tst:20060597003 |
comment | libwmf-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060597004 |
| rhsa | id | RHSA-2006:0597 | released | 2006-07-18 | severity | Moderate | title | RHSA-2006:0597: libwmf security update (Moderate) |
|
| rpms | - libwmf-0:0.2.8.3-5.3
- libwmf-debuginfo-0:0.2.8.3-5.3
- libwmf-devel-0:0.2.8.3-5.3
|
|
refmap
via4
|
bid | 18751 | bugtraq | 20060630 libwmf integer/heap overflow | debian | DSA-1194 | gentoo | GLSA-200608-17 | mandriva | MDKSA-2006:132 | sectrack | 1016518 | secunia | - 20921
- 21064
- 21261
- 21419
- 21459
- 21473
- 22311
| sreason | 1190 | suse | SUSE-SR:2006:019 | ubuntu | USN-333-1 | vupen | ADV-2006-2646 | xf | libwmf-wmf-bo(27516) |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-03-14 | organization | Red Hat | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
Last major update |
18-10-2018 - 16:47 |
Published |
06-07-2006 - 20:05 |
Last modified |
18-10-2018 - 16:47 |