CVE-2006-3376 Information

Description

Integer overflow in player.c in libwmf 0.2.8.4 as used in multiple products including (1) wv (2) abiword (3) freetype (4) gimp (5) libgsf and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Reference

http://rhn.redhat.com/errata/RHSA-2006-0597.html http://secunia.com/advisories/20921 http://secunia.com/advisories/21064 http://secunia.com/advisories/21261 http://secunia.com/advisories/21419 http://secunia.com/advisories/21459 http://secunia.com/advisories/21473 http://secunia.com/advisories/22311 http://security.gentoo.org/glsa/glsa-200608-17.xml http://securityreason.com/securityalert/1190 http://securitytracker.com/id?1016518 http://www.mandriva.com/security/advisories?name=MDKSA-2006:132 http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.securityfocus.com/archive/1/438803/100/0/threaded http://www.securityfocus.com/bid/18751 http://www.ubuntu.com/usn/usn-333-1 http://www.vupen.com/english/advisories/2006/2646 https://exchange.xforce.ibmcloud.com/vulnerabilities/27516 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10262 https://www.debian.org/security/2006/dsa-1194