Debian Bug report logs - #381538
CVE-2006-3376: arbitrary code execution in libwmf

version graph

Package: libwmf0.2-7; Maintainer for libwmf0.2-7 is Loïc Minier <>; Source for libwmf0.2-7 is src:libwmf.

Reported by: Stefan Fritsch <>

Date: Sat, 5 Aug 2006 09:33:01 UTC

Severity: grave

Tags: security

Found in version libwmf/

Fixed in version libwmf/

Done: Matej Vela <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian Security Team <>, Matej Vela <>:
Bug#381538; Package libwmf0.2-7. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <>:
New Bug report received and forwarded. Copy sent to Debian Security Team <>, Matej Vela <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Stefan Fritsch <>
To: Debian Bug Tracking System <>
Subject: CVE-2006-3376: arbitrary code execution in libwmf
Date: Sat, 05 Aug 2006 11:07:39 +0200
Package: libwmf0.2-7
Severity: grave
Tags: security
Justification: user security hole

CVE-2006-3376 reads:
Integer overflow in player.c in libwmf, as used in multiple
products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5)
libgsf, and (6) imagemagick allows remote attackers to execute
arbitrary code via the MaxRecordSize header field in a WMF file.

Please mention the CVE-id in the changelog.

Reply sent to Matej Vela <>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Matej Vela <>
Subject: Bug#381538: fixed in libwmf
Date: Sat, 05 Aug 2006 03:32:10 -0700
Source: libwmf

We believe that the bug you reported is fixed in the latest version of
libwmf, which is due to be installed in the Debian FTP archive:

  to pool/main/libw/libwmf/libwmf-bin_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf-dev_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf-doc_0.2.8.4-2_all.deb
  to pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2_i386.deb
  to pool/main/libw/libwmf/libwmf_0.2.8.4-2.diff.gz
  to pool/main/libw/libwmf/libwmf_0.2.8.4-2.dsc

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Matej Vela <> (supplier of updated libwmf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.7
Date: Sat,  5 Aug 2006 12:15:57 +0200
Source: libwmf
Binary: libwmf-dev libwmf-bin libwmf-doc libwmf0.2-7
Architecture: source all i386
Distribution: unstable
Urgency: high
Maintainer: Matej Vela <>
Changed-By: Matej Vela <>
 libwmf-bin - Windows metafile conversion tools
 libwmf-dev - Windows metafile conversion development
 libwmf-doc - Windows metafile documentation
 libwmf0.2-7 - Windows metafile conversion library
Closes: 381538
 libwmf ( unstable; urgency=high
   * src/player.c: Fix integer overflow vulnerability.  [CVE-2006-3376]
     Closes: #381538.
 8b795932cc57c5eaf1027958b80964ae 757 libs optional libwmf_0.2.8.4-2.dsc
 a298170778683e60a72ba8e71b902561 7343 libs optional libwmf_0.2.8.4-2.diff.gz
 10b916fc49e8643d1b955654f7d46b07 173646 libs optional libwmf0.2-7_0.2.8.4-2_i386.deb
 ff4ba47be59bd766fd2488dcae47cdad 16894 graphics optional libwmf-bin_0.2.8.4-2_i386.deb
 900ba8750702ed0e3c01829fb64a9a7c 193082 libdevel optional libwmf-dev_0.2.8.4-2_i386.deb
 5d9567a792f67a0c1b5b1cc382ac1af8 271704 doc optional libwmf-doc_0.2.8.4-2_all.deb

Version: GnuPG v1.4.5 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Mon, 25 Jun 2007 06:58:32 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Wed Apr 16 14:18:59 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.