7.5

CVE-2006-3376

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WvwareLibwmf Version0.2.8_.4
WvwareWv2 Version0.2.1
WvwareWv2 Version0.2.2
WvwareWv2 Version0.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.75% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21459
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921
Vendor Advisory
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
https://www.debian.org/security/2006/dsa-1194