CVE-2006-3376

CVSS 7.5 - HIGH

Description

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

Affected Products

4

Vendor	Product	Version
wvware	libwmf	`0.2.8_.4`
wvware	wv2	`0.2.1`
wvware	wv2	`0.2.2`
wvware	wv2	`0.2.3`

References

http://rhn.redhat.com/errata/RHSA-2006-0597.html

http://secunia.com/advisories/20921

http://secunia.com/advisories/21064

http://secunia.com/advisories/21261

http://secunia.com/advisories/21419

http://secunia.com/advisories/21459

http://secunia.com/advisories/21473

http://secunia.com/advisories/22311

http://security.gentoo.org/glsa/glsa-200608-17.xml

http://securityreason.com/securityalert/1190

http://securitytracker.com/id?1016518

http://www.mandriva.com/security/advisories?name=M...

http://www.novell.com/linux/security/advisories/20...

http://www.securityfocus.com/archive/1/438803/100/...

http://www.securityfocus.com/bid/18751

http://www.ubuntu.com/usn/usn-333-1

http://www.vupen.com/english/advisories/2006/2646

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

https://oval.cisecurity.org/repository/search/defi...

https://www.debian.org/security/2006/dsa-1194

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2006-3376
Published:: 2006-07-06
Modified:: 2026-04-16
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

wvware

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL