Mandriva Linux Security Advisory MDKSA-2006-132 - Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including wv, abiword, freetype, gimp, libgsf, and imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
b58dbdb89764f92136ac374c126ea6ab7a62bdb2e179a7cd7c5dc16c266bb99e