FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libwmf -- integer overflow vulnerability

Affected packages
libwmf < 0.2.8.4_3

Details

VuXML ID 48aab1d0-4252-11de-b67a-0030843d3802
Discovery 2006-07-03
Entry 2009-05-16

Secunia reports:

infamous41md has reported a vulnerability in libwmf, which potentially can be exploited by malicious people to compromise an application using the vulnerable library.

The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed.
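The bug class described above, as an added example that is not libwmf's code and not part of the advisory: a size computed from a file-supplied count wraps in 32-bit arithmetic, and a checked variant refuses the count before allocating. The record layout (a 4-byte little-endian count followed by 8-byte elements) and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELEM_SIZE 8u /* constructed: bytes per element in the hypothetical record */

/* Unchecked pattern: 32-bit product of a file-supplied count wraps modulo 2^32. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Checked pattern: refuse a count whose byte size wraps or exceeds the input left. */
int checked_alloc_size(uint32_t count, size_t bytes_left, size_t *out)
{
    if (count == 0 || count > SIZE_MAX / ELEM_SIZE)
        return -1;
    size_t need = (size_t)count * ELEM_SIZE;
    if (need > bytes_left)
        return -1;
    *out = need;
    return 0;
}

/* Read a little-endian count, validate it, then allocate and copy the elements. */
void *load_elements(const unsigned char *buf, size_t len, uint32_t *count_out)
{
    if (len < 4) return NULL;
    uint32_t count = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                     (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    size_t need;
    if (checked_alloc_size(count, len - 4, &need) != 0)
        return NULL;
    void *p = malloc(need);
    if (p == NULL) return NULL;
    memcpy(p, buf + 4, need);
    *count_out = count;
    return p;
}

int main(void)
{
    uint32_t count = 0x20000001u; /* constructed oversized count */
    size_t need = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(count));
    printf("checked: %s\n", checked_alloc_size(count, 64, &need) ? "rejected" : "accepted");
    return 0;
}
```

Bounding the computed size by the bytes actually remaining in the input also rejects oversized counts on 64-bit builds, where the multiplication in size_t no longer wraps.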

References

Bugtraq ID 18751
CVE Name CVE-2006-3376
URL http://secunia.com/advisories/20921/