CVE-2006-3376 - OpenCVE

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wvware	Wv2 Libwmf

Configuration 1 [-]

OR	cpe:2.3:a:wvware:libwmf:0.2.8_.4:::::::*
	cpe:2.3:a:wvware:wv2:0.2.1:::::::*
	cpe:2.3:a:wvware:wv2:0.2.2:::::::*
	cpe:2.3:a:wvware:wv2:0.2.3:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2006-0597.html
http://secunia.com/advisories/20921	Vendor Advisory
http://secunia.com/advisories/21064
http://secunia.com/advisories/21261
http://secunia.com/advisories/21419
http://secunia.com/advisories/21459
http://secunia.com/advisories/21473
http://secunia.com/advisories/22311
http://security.gentoo.org/glsa/glsa-200608-17.xml
http://securityreason.com/securityalert/1190
http://securitytracker.com/id?1016518
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/archive/1/438803/100/0/threaded
http://www.securityfocus.com/bid/18751
http://www.ubuntu.com/usn/usn-333-1
http://www.vupen.com/english/advisories/2006/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
https://www.debian.org/security/2006/dsa-1194

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-06T20:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-07-06T00:00:00

Link: CVE-2006-3376

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-06T20:05:00.000

Modified: 2018-10-18T16:47:07.893

Link: CVE-2006-3376

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060630 libwmf integer/heap overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:10262", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262"}, {"name": "20921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20921"}, {"name": "libwmf-wmf-bo(27516)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516"}, {"name": "1016518", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016518"}, {"name": "21473", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21473"}, {"name": "22311", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22311"}, {"name": "USN-333-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-333-1"}, {"name": "1190", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1190"}, {"name": "21459", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21459"}, {"name": "18751", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18751"}, {"name": "SUSE-SR:2006:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"}, {"name": "21064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21064"}, {"name": "ADV-2006-2646", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2646"}, {"name": "DSA-1194", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2006/dsa-1194"}, {"name": "21261", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21261"}, {"name": "MDKSA-2006:132", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132"}, {"name": "21419", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21419"}, {"name": "RHSA-2006:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0597.html"}, {"name": "GLSA-200608-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-17.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3376", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060630 libwmf integer/heap overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:10262", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262"}, {"name": "20921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20921"}, {"name": "libwmf-wmf-bo(27516)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516"}, {"name": "1016518", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016518"}, {"name": "21473", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21473"}, {"name": "22311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22311"}, {"name": "USN-333-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-333-1"}, {"name": "1190", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1190"}, {"name": "21459", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21459"}, {"name": "18751", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18751"}, {"name": "SUSE-SR:2006:019", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"}, {"name": "21064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21064"}, {"name": "ADV-2006-2646", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2646"}, {"name": "DSA-1194", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2006/dsa-1194"}, {"name": "21261", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21261"}, {"name": "MDKSA-2006:132", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132"}, {"name": "21419", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21419"}, {"name": "RHSA-2006:0597", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2006-0597.html"}, {"name": "GLSA-200608-17", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-17.xml"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3376", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*", "matchCriteriaId": "4C647E35-83D2-4D21-AA48-B963B9D6A123", "vulnerable": true}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "565FB525-8593-4148-8A01-EF99F745AB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0AB2FAA-427C-4313-B7AF-31829E58C367", "vulnerable": true}, {"criteria": "cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98E88259-7829-4179-962D-64F98174F6C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file."}, {"lang": "es", "value": "Desbordamiento de entero en el archivo player.c en libwmf 0.2.8.4, utilizado en m\u00faltiples productos incluyendo (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, y(6) imagemagick, que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s del campo cabecera MaxRecordSize en un archivo WMF."}], "id": "CVE-2006-3376", "lastModified": "2018-10-18T16:47:07.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-06T20:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2006-0597.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20921"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21064"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21261"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21419"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21459"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21473"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22311"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-17.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1190"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016518"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438803/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18751"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-333-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2646"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2006/dsa-1194"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}