paul Posted July 28, 2006 Report Share Posted July 28, 2006 Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. Updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts