PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.