{"api_version":"1","generated_at":"2026-04-23T05:57:10+00:00","cve":"CVE-2006-3376","urls":{"html":"https://cve.report/CVE-2006-3376","api":"https://cve.report/api/cve/CVE-2006-3376.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3376","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3376"},"summary":{"title":"CVE-2006-3376","description":"Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-07-06 20:05:00","updated_at":"2018-10-18 16:47:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/21419","name":"21419","refsource":"SECUNIA","tags":[],"title":"Secunia - Advisories - Ubuntu update for libwmf","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21261","name":"21261","refsource":"SECUNIA","tags":[],"title":"Secunia - Advisories - Mandriva update for libwmf","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18751","name":"18751","refsource":"BID","tags":[],"title":"LibWMF WMF File Handling Integer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/22311","name":"22311","refsource":"SECUNIA","tags":[],"title":"Debian update for libwmf - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21064","name":"21064","refsource":"SECUNIA","tags":[],"title":"Red Hat update for libwmf - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-333-1","name":"USN-333-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-333-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2006-0597.html","name":"RHSA-2006:0597","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2646","name":"ADV-2006-2646","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2006/dsa-1194","name":"DSA-1194","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1194-1 libwmf","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27516","name":"libwmf-wmf-bo(27516)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016518","name":"1016518","refsource":"SECTRACK","tags":[],"title":"libwmf Integer Overflow in 'player.c' Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:132","name":"MDKSA-2006:132","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262","name":"oval:org.mitre.oval:def:10262","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21459","name":"21459","refsource":"SECUNIA","tags":[],"title":"SUSE Updates for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/438803/100/0/threaded","name":"20060630 libwmf integer/heap overflow","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1190","name":"1190","refsource":"SREASON","tags":[],"title":"libwmf integer/heap overflow - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200608-17.xml","name":"GLSA-200608-17","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  libwmf: Buffer overflow vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html","name":"SUSE-SR:2006:019","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/21473","name":"21473","refsource":"SECUNIA","tags":[],"title":"Secunia - Advisories - Gentoo update for libwmf","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20921","name":"20921","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"libwmf Integer Overflow Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3376","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3376","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"libwmf","cpe6":"0.2.8_.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"libwmf","cpe6":"0.2.8_.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3376","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wvware","cpe5":"wv2","cpe6":"0.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2006-3376","organization":"Red Hat","lastmodified":"2007-03-14","contributor":"Mark J Cox","statementText":"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.","cve_year":"2006","cve_id":"3376","crc32":"e4ada83e"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3376","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20060630 libwmf integer/heap overflow","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/438803/100/0/threaded"},{"name":"oval:org.mitre.oval:def:10262","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262"},{"name":"20921","refsource":"SECUNIA","url":"http://secunia.com/advisories/20921"},{"name":"libwmf-wmf-bo(27516)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27516"},{"name":"1016518","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016518"},{"name":"21473","refsource":"SECUNIA","url":"http://secunia.com/advisories/21473"},{"name":"22311","refsource":"SECUNIA","url":"http://secunia.com/advisories/22311"},{"name":"USN-333-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-333-1"},{"name":"1190","refsource":"SREASON","url":"http://securityreason.com/securityalert/1190"},{"name":"21459","refsource":"SECUNIA","url":"http://secunia.com/advisories/21459"},{"name":"18751","refsource":"BID","url":"http://www.securityfocus.com/bid/18751"},{"name":"SUSE-SR:2006:019","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html"},{"name":"21064","refsource":"SECUNIA","url":"http://secunia.com/advisories/21064"},{"name":"ADV-2006-2646","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2646"},{"name":"DSA-1194","refsource":"DEBIAN","url":"https://www.debian.org/security/2006/dsa-1194"},{"name":"21261","refsource":"SECUNIA","url":"http://secunia.com/advisories/21261"},{"name":"MDKSA-2006:132","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:132"},{"name":"21419","refsource":"SECUNIA","url":"http://secunia.com/advisories/21419"},{"name":"RHSA-2006:0597","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2006-0597.html"},{"name":"GLSA-200608-17","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200608-17.xml"}]}},"nvd":{"publishedDate":"2006-07-06 20:05:00","lastModifiedDate":"2018-10-18 16:47:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wvware:wv2:0.2.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wvware:wv2:0.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wvware:libwmf:0.2.8_.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wvware:wv2:0.2.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3376","Ordinal":"18701","Title":"CVE-2006-3376","CVE":"CVE-2006-3376","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3376","Ordinal":"1","NoteData":"Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3376","Ordinal":"2","NoteData":"2006-07-06","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3376","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}