Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-0301

Published: 30/01/2006 Updated: 19/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Xpdf

Vulnerability Summary

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows malicious users to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Vulnerable Product Search on Vulmon Subscribe to Product

xpdf xpdf

Vendor Advisories

Debian CVElist Bug Report Logs: xpdf: Buffer overflow vulnerability in Splash.cc; CVE-2006-0301
Debian Bug report logs - #350783 xpdf: Buffer overflow vulnerability in Splashcc; CVE-2006-0301 Package: xpdf-reader; Maintainer for xpdf-reader is (unknown); Reported by: Jan Niehusmann <jan@gondorcom> Date: Tue, 31 Jan 2006 20:33:01 UTC Severity: grave Tags: security Found in version xpdf-reader/301-5 Fixed in versio ...
Ubuntu Security Notice: xpdf, poppler, kdegraphics vulnerabilities
The splash image handler in xpdf did not check the validity of coordinates By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user ...
Debian Security Advisories: DSA-972-1 pdfkit.framework -- buffer overflows
SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which is also present in pdfkitframework, the GNUstep framework for rendering PDF content, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code The old stable distribution (woody) ...
Debian Security Advisories: DSA-971-1 xpdf -- buffer overflow
SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code The old stable distribution (woody) is not affected For the stable distribution (sarge) these problems have been fixed in version 3 ...

References

CWE-119https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046https://bugzilla.novell.com/show_bug.cgi?id=141242http://secunia.com/advisories/18677http://www.securityfocus.com/archive/1/423899/100/0/threadedhttp://www.kde.org/info/security/advisory-20060202-1.txthttp://securitytracker.com/id?1015576http://secunia.com/advisories/18707http://www.debian.org/security/2006/dsa-971http://www.debian.org/security/2006/dsa-974http://www.debian.org/security/2006/dsa-972http://www.gentoo.org/security/en/glsa/glsa-200602-04.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200602-05.xmlhttp://www.redhat.com/support/errata/RHSA-2006-0201.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0206.htmlhttp://www.ubuntu.com/usn/usn-249-1http://secunia.com/advisories/18834http://secunia.com/advisories/18875http://secunia.com/advisories/18274http://secunia.com/advisories/18825http://secunia.com/advisories/18826http://secunia.com/advisories/18837http://secunia.com/advisories/18838http://secunia.com/advisories/18860http://secunia.com/advisories/18862http://secunia.com/advisories/18864http://secunia.com/advisories/18882http://secunia.com/advisories/18908http://secunia.com/advisories/18913http://www.gentoo.org/security/en/glsa/glsa-200602-12.xmlhttp://secunia.com/advisories/18983ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txthttp://secunia.com/advisories/19377http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.htmlhttp://secunia.com/advisories/18839http://www.mandriva.com/security/advisories?name=MDKSA-2006:030http://www.mandriva.com/security/advisories?name=MDKSA-2006:031http://www.mandriva.com/security/advisories?name=MDKSA-2006:032http://securityreason.com/securityalert/470http://www.vupen.com/english/advisories/2006/0389http://www.vupen.com/english/advisories/2006/0422https://exchange.xforce.ibmcloud.com/vulnerabilities/24391https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850http://www.securityfocus.com/archive/1/427990/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350783https://usn.ubuntu.com/249-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook