Vulnerability Name:

CVE-2006-3376 (CCN-27516)

Assigned:2006-06-30
Published:2006-06-30
Updated:2018-10-18
Summary:Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Jun 30 2006 - 02:03:05 CDT
libwmf integer/heap overflow

Source: MITRE
Type: CNA
CVE-2006-3376

Source: CCN
Type: RHSA-2006-0597
libwmf security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0597

Source: CCN
Type: SA20921
libwmf Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
20921

Source: SECUNIA
Type: UNKNOWN
21064

Source: SECUNIA
Type: UNKNOWN
21261

Source: SECUNIA
Type: UNKNOWN
21419

Source: SECUNIA
Type: UNKNOWN
21459

Source: SECUNIA
Type: UNKNOWN
21473

Source: SECUNIA
Type: UNKNOWN
22311

Source: GENTOO
Type: UNKNOWN
GLSA-200608-17

Source: SREASON
Type: UNKNOWN
1190

Source: CCN
Type: SECTRACK ID: 1016518
libwmf Integer Overflow in `player.c` Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016518

Source: CCN
Type: ASA-2006-145
libwmf security update (RHSA-2006-0597)

Source: CCN
Type: libwmf Web site
libwmf, library to convert wmf files

Source: DEBIAN
Type: DSA-1194
libwmf -- integer overflow

Source: CCN
Type: GLSA-200608-17
libwmf: Buffer overflow vulnerability

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:132

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:019

Source: CCN
Type: OpenPKG-SA-2006.031
libwmf

Source: BUGTRAQ
Type: UNKNOWN
20060630 libwmf integer/heap overflow

Source: BID
Type: UNKNOWN
18751

Source: CCN
Type: BID-18751
LibWMF WMF File Handling Integer Overflow Vulnerability

Source: CCN
Type: TLSA-2007-16
libwmf buffer over flow

Source: CCN
Type: USN-333-1
libwmf vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-333-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-2646

Source: XF
Type: UNKNOWN
libwmf-wmf-bo(27516)

Source: XF
Type: UNKNOWN
libwmf-wmf-bo(27516)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10262

Source: DEBIAN
Type: UNKNOWN
DSA-1194

Source: SUSE
Type: SUSE-SR:2006:019
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*
  • OR cpe:/a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:wvware:wv2:0.2.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20063376
    V
    		CVE-2006-3376
    2023-06-22
    oval:org.opensuse.security:def:3588
    P
    		libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95218
    P
    		libwmf-0_2-7-0.2.12-150000.4.4.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:112918
    P
    		libwmf-0_2-7-0.2.12-2.3 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106373
    P
    		libwmf-0_2-7-0.2.12-2.3 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26128
    P
    		Security update for postgresql13 (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:36503
    P
    		libwmf-0.2.8.4-206.27.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26064
    P
    		Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:26052
    P
    		Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:26053
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:26731
    P
    		krb5-plugin-kdb-ldap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27466
    P
    		libnetpbm-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26478
    P
    		Security update for nextcloud (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26770
    P
    		libtiff3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26256
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27501
    P
    		libwmf on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26629
    P
    		perl-Tk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26784
    P
    		mono-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26337
    P
    		Security update for freexl (Low)
    2020-12-01
    oval:org.opensuse.security:def:26682
    P
    		cyrus-imapd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26828
    P
    		system-config-printer on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26394
    P
    		Security update for chromium (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:10262
    V
    		Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
    2013-04-29
    oval:com.redhat.rhsa:def:20060597
    P
    		RHSA-2006:0597: libwmf security update (Moderate)
    2008-03-20
    oval:org.debian:def:1194
    V
    		integer overflow
    2006-10-09
    BACK
    wvware libwmf 0.2.8_.4
    wvware wv2 0.2.1
    wvware wv2 0.2.2
    wvware wv2 0.2.3