CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-3376

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.122

EPSS Ranking 93.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21459
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
https://www.debian.org/security/2006/dsa-1194
http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21459
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
https://www.debian.org/security/2006/dsa-1194

Products affected by CVE-2006-3376

Wvware » Libwmf » Version: 0.2.8_.4

cpe:2.3:a:wvware:libwmf:0.2.8_.4
Wvware » Wv2 » Version: 0.2.1

cpe:2.3:a:wvware:wv2:0.2.1
Wvware » Wv2 » Version: 0.2.2

cpe:2.3:a:wvware:wv2:0.2.2
Wvware » Wv2 » Version: 0.2.3

cpe:2.3:a:wvware:wv2:0.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3376

Products

Pricing

Contact Us