CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
96.3%
An integer overflow was found in the handling of the MaxRecordSize
field in the WMF header parser. By tricking a user into opening a
specially crafted WMF image file with an application that uses this
library, an attacker could exploit this to execute arbitrary code with
the user’s privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.06 | noarch | libwmf0.2-7 | < 0.2.8.3-3.1ubuntu0.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | libwmf0.2-7 | < 0.2.8.3-2ubuntu0.1 | UNKNOWN |
Ubuntu | 5.04 | noarch | libwmf0.2-7 | < 0.2.8-1.1ubuntu0.1 | UNKNOWN |