Vulnerabilities > CVE-2006-3376 - Unspecified vulnerability in Wvware Libwmf and WV2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN wvware
nessus
Summary
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-132.NASL description Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23882 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23882 title Mandrake Linux Security Advisory : libwmf (MDKSA-2006:132) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1194.NASL description It was discovered that an integer overflow in libwmf, the library to read Windows Metafile Format files, can be exploited to execute arbitrary code if a crafted WMF file is parsed. last seen 2020-06-01 modified 2020-06-02 plugin id 22735 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22735 title Debian DSA-1194-1 : libwmf - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200608-17.NASL description The remote host is affected by the vulnerability described in GLSA-200608-17 (libwmf: Buffer overflow vulnerability) infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buffer overflow. Impact : By enticing a user to open a specially crafted WMF file, a remote attacker could cause a heap-based buffer overflow and execute arbitrary code with the permissions of the user running the application that uses libwmf. Workaround : There is no known workaround for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22216 published 2006-08-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22216 title GLSA-200608-17 : libwmf: Buffer overflow vulnerability NASL family Fedora Local Security Checks NASL id FEDORA_2006-804.NASL description CVE-2006-3376 integer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24145 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24145 title Fedora Core 4 : libwmf-0.2.8.3-8.1 (2006-804) NASL family Fedora Local Security Checks NASL id FEDORA_2006-831.NASL description Fix side-effect of CVE-2006-3376 on x86_64 edge case Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24151 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24151 title Fedora Core 5 : libwmf-0.2.8.4-5.2 (2006-831) NASL family Fedora Local Security Checks NASL id FEDORA_2006-832.NASL description CVE-2006-3376: fix minor side-effect on 64bit platforms Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24152 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24152 title Fedora Core 4 : libwmf-0.2.8.3-8.2 (2006-832) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-120-01.NASL description New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109432 published 2018-05-01 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109432 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_48AAB1D0425211DEB67A0030843D3802.NASL description Secunia reports : infamous41md has reported a vulnerability in libwmf, which potentially can be exploited by malicious people to compromise an application using the vulnerable library. The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 38800 published 2009-05-18 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38800 title FreeBSD : libwmf -- integer overflow vulnerability (48aab1d0-4252-11de-b67a-0030843d3802) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0597.NASL description Updated libwmf packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Libwmf is a library for reading and converting Windows MetaFile vector graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick. An integer overflow flaw was discovered in libwmf. An attacker could create a carefully crafted WMF flaw that could execute arbitrary code if opened by a victim. (CVE-2006-3376). Users of libwmf should update to these packages which contain a backported security patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22070 published 2006-07-19 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22070 title RHEL 4 : libwmf (RHSA-2006:0597) NASL family SuSE Local Security Checks NASL id SUSE_LIBWMF-1840.NASL description A heap overflow could be triggered by specially crafted WMF (Windows Meta Files) in the libwmf library. This problem could be exploited to execute code, by a remote attacker providing a file with embedded WMF data to an application understanding this (like OpenOffice_org, abiword, gimp). This issue is tracked by the Mitre CVE ID CVE-2006-3376. last seen 2020-06-01 modified 2020-06-02 plugin id 27336 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27336 title openSUSE 10 Security Update : libwmf (libwmf-1840) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-333-1.NASL description An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 27912 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27912 title Ubuntu 5.04 / 5.10 / 6.06 LTS : libwmf vulnerability (USN-333-1) NASL family SuSE Local Security Checks NASL id SUSE_LIBWMF-1833.NASL description A heap overflow could be triggered by specially crafted WMF (Windows Meta Files) in the libwmf library. This problem could be exploited to execute code, by a remote attacker providing a file with embedded WMF data to an application understanding this (like OpenOffice_org, abiword, gimp). This issue is tracked by the Mitre CVE ID CVE-2006-3376. last seen 2020-06-01 modified 2020-06-02 plugin id 29515 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29515 title SuSE 10 Security Update : libwmf (ZYPP Patch Number 1833) NASL family Fedora Local Security Checks NASL id FEDORA_2006-805.NASL description CVE-2006-3376 int overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24146 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24146 title Fedora Core 5 : libwmf-0.2.8.4-5.1 (2006-805) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0597.NASL description Updated libwmf packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Libwmf is a library for reading and converting Windows MetaFile vector graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick. An integer overflow flaw was discovered in libwmf. An attacker could create a carefully crafted WMF flaw that could execute arbitrary code if opened by a victim. (CVE-2006-3376). Users of libwmf should update to these packages which contain a backported security patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22066 published 2006-07-19 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22066 title CentOS 4 : libwmf (CESA-2006:0597)
Oval
| accepted | 2013-04-29T04:04:08.315-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10262 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://rhn.redhat.com/errata/RHSA-2006-0597.html
- http://secunia.com/advisories/20921
- http://secunia.com/advisories/20921
- http://secunia.com/advisories/21064
- http://secunia.com/advisories/21064
- http://secunia.com/advisories/21261
- http://secunia.com/advisories/21261
- http://secunia.com/advisories/21419
- http://secunia.com/advisories/21419
- http://secunia.com/advisories/21459
- http://secunia.com/advisories/21459
- http://secunia.com/advisories/21473
- http://secunia.com/advisories/21473
- http://secunia.com/advisories/22311
- http://secunia.com/advisories/22311
- http://security.gentoo.org/glsa/glsa-200608-17.xml
- http://security.gentoo.org/glsa/glsa-200608-17.xml
- http://securityreason.com/securityalert/1190
- http://securityreason.com/securityalert/1190
- http://securitytracker.com/id?1016518
- http://securitytracker.com/id?1016518
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.securityfocus.com/archive/1/438803/100/0/threaded
- http://www.securityfocus.com/archive/1/438803/100/0/threaded
- http://www.securityfocus.com/bid/18751
- http://www.securityfocus.com/bid/18751
- http://www.ubuntu.com/usn/usn-333-1
- http://www.ubuntu.com/usn/usn-333-1
- http://www.vupen.com/english/advisories/2006/2646
- http://www.vupen.com/english/advisories/2006/2646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27516
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
- https://www.debian.org/security/2006/dsa-1194
- https://www.debian.org/security/2006/dsa-1194