CVE-2006-3376

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921	Vendor Advisory
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21459
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
https://www.debian.org/security/2006/dsa-1194

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wvware:libwmf:0.2.8_.4:::::::*
	cpe:2.3:a:wvware:wv2:0.2.1:::::::*
	cpe:2.3:a:wvware:wv2:0.2.2:::::::*
	cpe:2.3:a:wvware:wv2:0.2.3:::::::*

History

No history.

Information

Published : 2006-07-06 20:05

Updated : 2024-02-28 10:42

NVD link : CVE-2006-3376

Mitre link : CVE-2006-3376

CVE.ORG link : CVE-2006-3376

JSON object : View

Products Affected

wvware

libwmf
wv2

CWE

NVD-CWE-Other

{"id": "CVE-2006-3376", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-07-06T20:05:00.000", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2006-0597.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20921", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21064", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21261", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21419", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21459", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21473", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22311", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-17.xml", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1190", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016518", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/438803/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18751", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-333-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2646", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2006/dsa-1194", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file."}, {"lang": "es", "value": "Desbordamiento de entero en el archivo player.c en libwmf 0.2.8.4, utilizado en m\u00faltiples productos incluyendo (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, y(6) imagemagick, que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s del campo cabecera MaxRecordSize en un archivo WMF."}], "lastModified": "2018-10-18T16:47:07.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C647E35-83D2-4D21-AA48-B963B9D6A123"}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "565FB525-8593-4148-8A01-EF99F745AB4D"}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0AB2FAA-427C-4313-B7AF-31829E58C367"}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98E88259-7829-4179-962D-64F98174F6C5"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}