CVE-2006-3376

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

References

http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21459
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://www.debian.org/security/2006/dsa-1194
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262

CVE-2006-3376

Affected packages