ID CVE-2006-3376
Summary Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
References
Vulnerable Configurations
  • cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*
    cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:04:08.315-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
family unix
id oval:org.mitre.oval:def:10262
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
version 29
redhat via4
advisories
bugzilla
id 1618139
title CVE-2006-3376 security flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment libwmf is earlier than 0:0.2.8.3-5.3
          oval oval:com.redhat.rhsa:tst:20060597001
        • comment libwmf is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060597002
      • AND
        • comment libwmf-devel is earlier than 0:0.2.8.3-5.3
          oval oval:com.redhat.rhsa:tst:20060597003
        • comment libwmf-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060597004
rhsa
id RHSA-2006:0597
released 2006-07-18
severity Moderate
title RHSA-2006:0597: libwmf security update (Moderate)
rpms
  • libwmf-0:0.2.8.3-5.3
  • libwmf-debuginfo-0:0.2.8.3-5.3
  • libwmf-devel-0:0.2.8.3-5.3
refmap via4
bid 18751
bugtraq 20060630 libwmf integer/heap overflow
debian DSA-1194
gentoo GLSA-200608-17
mandriva MDKSA-2006:132
sectrack 1016518
secunia
  • 20921
  • 21064
  • 21261
  • 21419
  • 21459
  • 21473
  • 22311
sreason 1190
suse SUSE-SR:2006:019
ubuntu USN-333-1
vupen ADV-2006-2646
xf libwmf-wmf-bo(27516)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 18-10-2018 - 16:47
Published 06-07-2006 - 20:05
Last modified 18-10-2018 - 16:47
Back to Top