Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libwmf | Wvware | 0.2.8_.4 (including) | 0.2.8_.4 (including) |
| Wv2 | Wvware | 0.2.1 (including) | 0.2.1 (including) |
| Wv2 | Wvware | 0.2.2 (including) | 0.2.2 (including) |
| Wv2 | Wvware | 0.2.3 (including) | 0.2.3 (including) |
| Red Hat Enterprise Linux 4 | RedHat | libwmf-0:0.2.8.3-5.3 | * |
| Libwmf | Ubuntu | dapper | * |
| Libwmf | Ubuntu | devel | * |
| Libwmf | Ubuntu | edgy | * |
| Libwmf | Ubuntu | feisty | * |
References
- http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://secunia.com/advisories/20921
- http://secunia.com/advisories/21064
- http://secunia.com/advisories/21261
- http://secunia.com/advisories/21419
- http://secunia.com/advisories/21459
- http://secunia.com/advisories/21473
- http://secunia.com/advisories/22311
- http://security.gentoo.org/glsa/glsa-200608-17.xml
- http://securityreason.com/securityalert/1190
- http://securitytracker.com/id?1016518
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.securityfocus.com/archive/1/438803/100/0/threaded
- http://www.securityfocus.com/bid/18751
- http://www.ubuntu.com/usn/usn-333-1
- http://www.vupen.com/english/advisories/2006/2646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
- https://www.debian.org/security/2006/dsa-1194
- http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://secunia.com/advisories/20921
- http://secunia.com/advisories/21064
- http://secunia.com/advisories/21261
- http://secunia.com/advisories/21419
- http://secunia.com/advisories/21459
- http://secunia.com/advisories/21473
- http://secunia.com/advisories/22311
- http://security.gentoo.org/glsa/glsa-200608-17.xml
- http://securityreason.com/securityalert/1190
- http://securitytracker.com/id?1016518
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.securityfocus.com/archive/1/438803/100/0/threaded
- http://www.securityfocus.com/bid/18751
- http://www.ubuntu.com/usn/usn-333-1
- http://www.vupen.com/english/advisories/2006/2646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
- https://www.debian.org/security/2006/dsa-1194