AI Score: 6.9 Medium (Confidence: High)
CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.19 Low (Percentile: 96.2%)
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick, allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
CPE | Name | Operator | Version |
---|---|---|---|
wvware:wv2 | wvware wv2 | eq | 0.2.3 |
wvware:wv2 | wvware wv2 | eq | 0.2.1 |
wvware:libwmf | wvware libwmf | eq | 0.2.8_.4 |
wvware:wv2 | wvware wv2 | eq | 0.2.2 |
rhn.redhat.com/errata/RHSA-2006-0597.html
secunia.com/advisories/20921
secunia.com/advisories/21064
secunia.com/advisories/21261
secunia.com/advisories/21419
secunia.com/advisories/21459
secunia.com/advisories/21473
secunia.com/advisories/22311
security.gentoo.org/glsa/glsa-200608-17.xml
securityreason.com/securityalert/1190
securitytracker.com/id?1016518
www.mandriva.com/security/advisories?name=MDKSA-2006:132
www.novell.com/linux/security/advisories/2006_19_sr.html
www.securityfocus.com/archive/1/438803/100/0/threaded
www.securityfocus.com/bid/18751
www.ubuntu.com/usn/usn-333-1
www.vupen.com/english/advisories/2006/2646
exchange.xforce.ibmcloud.com/vulnerabilities/27516
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262
www.debian.org/security/2006/dsa-1194