CVE-2006-3376 — Libwmf vulnerability

9 documents7 sources

Severity

7.5HIGHNVD

EPSS

12.2%

top 6.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wvware Libwmf Debian Libwmf Wvware WV2

Timeline

PublishedJul 6

Latest updateMay 1

Description

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/libwmf< libwmf 0.2.8.4-2 (bookworm)

▶Debianwvware/libwmf< 0.2.8.4-2+3

▶NVDwvware/libwmf0.2.8_.4

▶NVDwvware/wv20.2.1, 0.2.2, 0.2.3+2

🔴Vulnerability Details

GHSA

GHSA-gm5p-fx2g-h9h3: Integer overflow in player↗2022-05-01

▶

OSV

CVE-2006-3376: Integer overflow in player↗2006-07-06

▶

📋Vendor Advisories

Ubuntu

libwmf vulnerability↗2006-08-09

▶

Red Hat

security flaw↗2006-06-30

▶

Debian

CVE-2006-3376: libwmf - Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products inc...↗2006

▶

💬Community

Bugzilla

CVE-2006-3376 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3376 libwmf integer overflow↗2006-07-10

▶

Bugzilla

CVE-2006-3376 libwmf integer overflow↗2006-07-10

▶