libwmf vulnerability

ID USN-333-1
Type ubuntu
Reporter Ubuntu
Modified 2006-08-09T00:00:00


An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user’s privileges.