Vulnerability Details : CVE-2006-3376
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2006-3376
Probability of exploitation activity in the next 30 days: 18.97%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-3376
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
Vendor statements for CVE-2006-3376
-
Red Hat 2007-03-14Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
-
http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
-
http://securitytracker.com/id?1016518
-
http://www.ubuntu.com/usn/usn-333-1
-
http://www.securityfocus.com/bid/18751
-
http://security.gentoo.org/glsa/glsa-200608-17.xml
-
http://www.vupen.com/english/advisories/2006/2646
-
https://www.debian.org/security/2006/dsa-1194
Debian -- Security Information -- DSA-1194-1 libwmf
-
http://www.securityfocus.com/archive/1/438803/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
-
http://securityreason.com/securityalert/1190
- cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*