Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libextractor libextractor 0.3.8 |
||
libextractor libextractor 0.3.9 |
||
xpdf xpdf 0.92 |
||
xpdf xpdf 0.93 |
||
xpdf xpdf 1.0 |
||
xpdf xpdf 3.0 |
||
xpdf xpdf 3.0.1 |
||
libextractor libextractor 0.3.6 |
||
libextractor libextractor 0.3.7 |
||
xpdf xpdf 0.90 |
||
xpdf xpdf 0.91 |
||
xpdf xpdf 2.2 |
||
xpdf xpdf 2.3 |
||
libextractor libextractor 0.4 |
||
libextractor libextractor 0.4.1 |
||
xpdf xpdf 1.0a |
||
xpdf xpdf 1.1 |
||
xpdf xpdf 3.0.1_pl1 |
||
xpdf xpdf 3.0_pl2 |
||
gnome gpdf 2.8.2 |
||
libextractor libextractor 0.3.11 |
||
libextractor libextractor 0.4.2 |
||
libextractor libextractor 0.5 |
||
xpdf xpdf 2.0 |
||
xpdf xpdf 2.1 |
||
xpdf xpdf 3.0_pl3 |
||
debian debian linux 3.1 |