Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Max CVSS
7.5
EPSS Score
18.97%
Published
2006-07-06
Updated
2018-10-18
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
Max CVSS
6.8
EPSS Score
2.57%
Published
2015-07-01
Updated
2018-10-30
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
Max CVSS
6.8
EPSS Score
3.41%
Published
2015-07-01
Updated
2018-10-30
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
Max CVSS
5.0
EPSS Score
10.04%
Published
2015-07-01
Updated
2017-09-22
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
Max CVSS
4.3
EPSS Score
5.24%
Published
2015-07-01
Updated
2017-09-22
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
Max CVSS
5.5
EPSS Score
0.32%
Published
2017-03-23
Updated
2017-03-27
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!