CVE-2006-3376
CVSS7.5
发布时间 :2006-07-06 16:05:00
修订时间 :2011-03-07 21:38:29
NMCOPS    

[原文]Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.


[CNNVD]LibWMF WMF文件处理整数溢出漏洞(CNNVD-200607-077)

        libwmf是用于读取和显示微软的WMF图形的函数库。
        libwmf在内存分配中的整数溢出可能会导致堆溢出,成功诱骗用户打开了特制WMF文件的攻击者可以远程执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:wvware:wv2:0.2.3
cpe:/a:wvware:wv2:0.2.2
cpe:/a:wvware:wv2:0.2.1
cpe:/a:wvware:libwmf:0.2.8_.4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10262Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libg...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3376
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-077
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2006/2646
(UNKNOWN)  VUPEN  ADV-2006-2646
http://www.securityfocus.com/bid/18751
(UNKNOWN)  BID  18751
http://www.securityfocus.com/archive/1/archive/1/438803/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060630 libwmf integer/heap overflow
http://secunia.com/advisories/20921
(VENDOR_ADVISORY)  SECUNIA  20921
http://xforce.iss.net/xforce/xfdb/27516
(UNKNOWN)  XF  libwmf-wmf-bo(27516)
http://www.ubuntu.com/usn/usn-333-1
(UNKNOWN)  UBUNTU  USN-333-1
http://www.novell.com/linux/security/advisories/2006_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:019
http://www.mandriva.com/security/advisories?name=MDKSA-2006:132
(UNKNOWN)  MANDRIVA  MDKSA-2006:132
http://securitytracker.com/id?1016518
(UNKNOWN)  SECTRACK  1016518
http://securityreason.com/securityalert/1190
(UNKNOWN)  SREASON  1190
http://security.gentoo.org/glsa/glsa-200608-17.xml
(UNKNOWN)  GENTOO  GLSA-200608-17
http://secunia.com/advisories/22311
(UNKNOWN)  SECUNIA  22311
http://secunia.com/advisories/21473
(UNKNOWN)  SECUNIA  21473
http://secunia.com/advisories/21459
(UNKNOWN)  SECUNIA  21459
http://secunia.com/advisories/21419
(UNKNOWN)  SECUNIA  21419
http://secunia.com/advisories/21261
(UNKNOWN)  SECUNIA  21261
http://secunia.com/advisories/21064
(UNKNOWN)  SECUNIA  21064
http://rhn.redhat.com/errata/RHSA-2006-0597.html
(UNKNOWN)  REDHAT  RHSA-2006:0597
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00289.html
(UNKNOWN)  DEBIAN  DSA-1194

- 漏洞信息

LibWMF WMF文件处理整数溢出漏洞
高危 缓冲区溢出
2006-07-06 00:00:00 2013-01-08 00:00:00
远程  
        libwmf是用于读取和显示微软的WMF图形的函数库。
        libwmf在内存分配中的整数溢出可能会导致堆溢出,成功诱骗用户打开了特制WMF文件的攻击者可以远程执行任意指令。
        

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://wvware.sourceforge.net/

- 漏洞信息 (F49223)

Ubuntu Security Notice 333-1 (PacketStormID:F49223)
2006-08-27 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2006-3376
[点击下载]

Ubuntu Security Notice USN-333-1 - An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user's privileges.

=========================================================== 
Ubuntu Security Notice USN-333-1            August 09, 2006
libwmf vulnerability
CVE-2006-3376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libwmf0.2-7                              0.2.8-1.1ubuntu0.1

Ubuntu 5.10:
  libwmf0.2-7                              0.2.8.3-2ubuntu0.1

Ubuntu 6.06 LTS:
  libwmf0.2-7                              0.2.8.3-3.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An integer overflow was found in the handling of the MaxRecordSize
field in the WMF header parser. By tricking a user into opening a
specially crafted WMF image file with an application that uses this
library, an attacker could exploit this to execute arbitrary code with
the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.diff.gz
      Size/MD5:     5304 e7805fbd610d936cfd64a4ad5529d604
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.dsc
      Size/MD5:      699 b38be3ecef264877a0a8aa57a3ef369f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.orig.tar.gz
      Size/MD5:  1620489 269fb225cd44f40cc877fb6c63706112

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8-1.1ubuntu0.1_all.deb
      Size/MD5:   271748 8ab9644a6b59216b32c4669b8fd1d08d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:    20734 0423e72e4668c7c706e31591e751db7d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:   204060 acfd872c6e935d9df25e055ceb4b1cf3
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5:   174006 85eab7d6300451d9cb0a05f3b0b0955f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:    18732 ff99549d18b4f31a21522e042d87bba6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:   190000 0c037a6a429249d2e95f92152cce6233
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5:   164928 e8aa9895eedcf46955a21a5b7114895c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:    25900 4018e7b12756dd292734e06641d9c215
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:   208320 8445f174ede961f90c0634e786d3d549
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5:   178750 b0db830818c196f815c0d26f161a7141

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.diff.gz
      Size/MD5:     7142 f60eca63b5d87fdfb5fd70a20a799122
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.dsc
      Size/MD5:      788 4fab72640e6cbc31616d80e9ff1efb5d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5:  1737021 c7246bb724664189ade7895547387e6a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-2ubuntu0.1_all.deb
      Size/MD5:   271728 f1022f283d9cdd656521f8bd1f001337

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:    15452 6aacb2892e64bc40eaa73cce7bf6106a
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:   197976 d3006052733be31d47830d2f31d3cea8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5:   174604 e96c6f24abd2c42103118329ac843dd2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:    13944 7a000303b7b8b9848dc84c448832462b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:   178664 f0287b3bd1ef0211760f25f3776271ba
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5:   159446 c53a29f7446d173ad15ab336901c216d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:    19682 68ed2e16fec205e4afe66fee41aedceb
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:   198396 8217bfc3dbd8add5ec7f10072b7064da
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5:   178588 31bd92a0662e02d7561c6bfe62942021

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:    14736 1440557ccc8d651710a479fa52ddf43f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:   193558 b43e73a341c099675ad0f5854708f1f1
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5:   167780 318f0310c891fbb97d7f66f3feb6bd89

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.diff.gz
      Size/MD5:     7333 f521b721712b0ab752beebfcacbc2bca
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.dsc
      Size/MD5:      787 ba7f7d57497ed05232a1ee2e335136a6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5:  1737021 c7246bb724664189ade7895547387e6a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.1_all.deb
      Size/MD5:   271718 965951077a2c870395a0b7ac95bd079a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:    17938 20f0cc89d3269a20acc92a186e136cb5
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:   207380 3e6194a937189c03f9cd3920c9d2625e
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5:   182314 49375dc6d7673b40fc18a36e3fb18bd4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:    16282 d764d015b1b6d54226ea7462c6cc46e8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:   186178 aa417806aabee6b99cc006d51c9432d6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5:   167174 35ffec3f86bf13c3cc78a56a3e6b3f66

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:    23138 bc6dcaf6487a7a37387588464aa7145c
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:   207374 a58e4fd73d7fda4a0c0ded54a41aee84
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5:   186184 ef834ca675034ea667e96dbb2b833ee0

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:    17060 9b46ecdd77450c7ca65155336e27a01b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:   202286 e83a995ff9afc034ce1fad2c233c41e7
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5:   175900 66ee4f8648d68321a6f8e2ed72ab957e
    

- 漏洞信息 (F48769)

Mandriva Linux Security Advisory 2006.132 (PacketStormID:F48769)
2006-08-03 00:00:00
Mandriva  mandriva.com
advisory,remote,overflow,arbitrary
linux,mandriva
CVE-2006-3376
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-132 - Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including wv, abiword, freetype, gimp, libgsf, and imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:132
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libwmf
 Date    : July 28, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products
 including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and 
 (6) imagemagick allows remote attackers to execute arbitrary code via the 
 MaxRecordSize header field in a WMF file.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 8444d8a03c7d7a27c7900b926ceed425  2006.0/RPMS/libwmf0.2_7-0.2.8.3-6.3.20060mdk.i586.rpm
 06e5b43eb58101a2f477463f741487c5  2006.0/RPMS/libwmf0.2_7-devel-0.2.8.3-6.3.20060mdk.i586.rpm
 94a6c393cfe9f1200cac9fa1a5f91e16  2006.0/RPMS/libwmf-0.2.8.3-6.3.20060mdk.i586.rpm
 95124757308566507ed5dfc6d5707928  2006.0/SRPMS/libwmf-0.2.8.3-6.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 f884c20e020d6b69923f554b58447da3  x86_64/2006.0/RPMS/lib64wmf0.2_7-0.2.8.3-6.3.20060mdk.x86_64.rpm
 929b12657158b991a1bf9d89630d14f4  x86_64/2006.0/RPMS/lib64wmf0.2_7-devel-0.2.8.3-6.3.20060mdk.x86_64.rpm
 9610aade95ffa152e5e9be9228b512d1  x86_64/2006.0/RPMS/libwmf-0.2.8.3-6.3.20060mdk.x86_64.rpm
 95124757308566507ed5dfc6d5707928  x86_64/2006.0/SRPMS/libwmf-0.2.8.3-6.3.20060mdk.src.rpm

 Corporate 3.0:
 9955beae1781bb6bbda0a0e33b48bd17  corporate/3.0/RPMS/libwmf0.2_7-0.2.8-6.3.C30mdk.i586.rpm
 e73b7351b468a70a1c66ecbfb2c75094  corporate/3.0/RPMS/libwmf0.2_7-devel-0.2.8-6.3.C30mdk.i586.rpm
 a73e09fb31251be810543f63ddaeeaf1  corporate/3.0/RPMS/libwmf-0.2.8-6.3.C30mdk.i586.rpm
 2e4701b959fe15524990679b28c8a441  corporate/3.0/SRPMS/libwmf-0.2.8-6.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a65791ba5ba79a1ffa249900787d0ac1  x86_64/corporate/3.0/RPMS/lib64wmf0.2_7-0.2.8-6.3.C30mdk.x86_64.rpm
 e605436808bdd2ec468277597971e014  x86_64/corporate/3.0/RPMS/lib64wmf0.2_7-devel-0.2.8-6.3.C30mdk.x86_64.rpm
 cfe857638749ae5f800f93436714616c  x86_64/corporate/3.0/RPMS/libwmf-0.2.8-6.3.C30mdk.x86_64.rpm
 2e4701b959fe15524990679b28c8a441  x86_64/corporate/3.0/SRPMS/libwmf-0.2.8-6.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEyhJKmqjQ0CJFipgRAncmAJ4yYMByyVAF8Z7h/aqoX9BAMNGu6QCgwzRg
LvJwBfxTzPeuUW/BQSLp2RM=
=ZTxW
-----END PGP SIGNATURE-----

    

- 漏洞信息

26961
libwmf WMF File Processing Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-03 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

LibWMF WMF File Handling Integer Overflow Vulnerability
Boundary Condition Error 18751
Yes No
2006-06-30 12:00:00 2006-08-10 08:05:00
sean <infamous41md@hotpop.com> is credited with the discovery of this vulnerability.

- 受影响的程序版本

wvWare wv2 0.2.3
wvWare wv2 0.2.2
wvWare wv2 0.2.1
wvWare libwmf 0.2.8.4
wvWare libwmf 0.2.8.3
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop version 4
Red Hat Fedora Core5
Red Hat Fedora Core4
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0

- 漏洞讨论

Applications using the libwmf library are prone to an integer-overflow vulnerability.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.

Please see the references for vendor advisories and fixes.


wvWare libwmf 0.2.8.3

wvWare libwmf 0.2.8.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站