CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/18948	Patch Vendor Advisory
http://secunia.com/advisories/19021	Patch Vendor Advisory
http://secunia.com/advisories/19065	Patch Vendor Advisory
http://secunia.com/advisories/19091	Patch Vendor Advisory
http://secunia.com/advisories/19164	Patch Vendor Advisory
http://secunia.com/advisories/19364	Patch Vendor Advisory
http://secunia.com/advisories/19644	Patch Vendor Advisory
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz	Patch
http://www.debian.org/security/2006/dsa-1019	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-979	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-982	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-983	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-984	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-998	Patch Vendor Advisory
http://www.osvdb.org/23834
http://www.securityfocus.com/bid/16748
https://usn.ubuntu.com/270-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:gpdf:2.8.2:::::::*
	cpe:2.3:a:libextractor:libextractor:0.3.6:::::::*
	cpe:2.3:a:libextractor:libextractor:0.3.7:::::::*
	cpe:2.3:a:libextractor:libextractor:0.3.8:::::::*
	cpe:2.3:a:libextractor:libextractor:0.3.9:::::::*
	cpe:2.3:a:libextractor:libextractor:0.3.11:::::::*
	cpe:2.3:a:libextractor:libextractor:0.4:::::::*
	cpe:2.3:a:libextractor:libextractor:0.4.1:::::::*
	cpe:2.3:a:libextractor:libextractor:0.4.2:::::::*
	cpe:2.3:a:libextractor:libextractor:0.5:::::::*
	cpe:2.3:a:xpdf:xpdf:0.90:::::::*
	cpe:2.3:a:xpdf:xpdf:0.91:::::::*
	cpe:2.3:a:xpdf:xpdf:0.92:::::::*
	cpe:2.3:a:xpdf:xpdf:0.93:::::::*
	cpe:2.3:a:xpdf:xpdf:1.0:::::::*
	cpe:2.3:a:xpdf:xpdf:1.0a:::::::*
	cpe:2.3:a:xpdf:xpdf:1.1:::::::*
	cpe:2.3:a:xpdf:xpdf:2.0:::::::*
	cpe:2.3:a:xpdf:xpdf:2.1:::::::*
	cpe:2.3:a:xpdf:xpdf:2.2:::::::*
	cpe:2.3:a:xpdf:xpdf:2.3:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0.1:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0_pl2:::::::*
	cpe:2.3:a:xpdf:xpdf:3.0_pl3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:3.1::alpha:::::
	cpe:2.3:o:debian:debian_linux:3.1::amd64:::::
	cpe:2.3:o:debian:debian_linux:3.1::arm:::::
	cpe:2.3:o:debian:debian_linux:3.1::hppa:::::
	cpe:2.3:o:debian:debian_linux:3.1::ia-32:::::
	cpe:2.3:o:debian:debian_linux:3.1::ia-64:::::
	cpe:2.3:o:debian:debian_linux:3.1::m68k:::::
	cpe:2.3:o:debian:debian_linux:3.1::mips:::::
	cpe:2.3:o:debian:debian_linux:3.1::mipsel:::::
	cpe:2.3:o:debian:debian_linux:3.1::ppc:::::
	cpe:2.3:o:debian:debian_linux:3.1::s-390:::::
	cpe:2.3:o:debian:debian_linux:3.1::sparc:::::

History

No history.

Information

Published : 2006-03-15 19:06

Updated : 2023-12-10 10:28

NVD link : CVE-2006-1244

Mitre link : CVE-2006-1244

CVE.ORG link : CVE-2006-1244

JSON object : View

Products Affected

gnome

gpdf

xpdf

xpdf

libextractor

libextractor

debian

debian_linux

CWE

NVD-CWE-Other

7.6 /10