The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
Max CVSS
5.5
EPSS Score
0.32%
Published
2017-03-23
Updated
2017-03-27
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
Max CVSS
5.0
EPSS Score
10.04%
Published
2015-07-01
Updated
2017-09-22
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
Max CVSS
6.8
EPSS Score
3.41%
Published
2015-07-01
Updated
2018-10-30
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
Max CVSS
6.8
EPSS Score
2.57%
Published
2015-07-01
Updated
2018-10-30
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
Max CVSS
7.5
EPSS Score
18.97%
Published
2006-07-06
Updated
2018-10-18
5 vulnerabilities found