CVE-2006-3376 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3376
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3376

Description: Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27516 UBUNTU http://www.ubuntu.com/usn/usn-333-1 SUSE http://www.novell.com/linux/security/advisories/2006_19_sr.html ST 1016518 SREASON http://securityreason.com/securityalert/1190 SAID Secunia Advisory: SA21459 Secunia Advisory: SA22311 Secunia Advisory: SA21064 Secunia Advisory: SA21261 Secunia Advisory: SA21419 Secunia Advisory: SA21473 Secunia Advisory: SA20921 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0597.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:132 GENTOO http://security.gentoo.org/glsa/glsa-200608-17.xml DEBIAN http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00289.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/438803/100/0/threaded BID 18751

Return to the previous page.