CVE-2006-1244

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1244
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/18948 Patch Vendor Advisory
http://secunia.com/advisories/19021 Patch Vendor Advisory
http://secunia.com/advisories/19065 Patch Vendor Advisory
http://secunia.com/advisories/19091 Patch Vendor Advisory
http://secunia.com/advisories/19164 Patch Vendor Advisory
http://secunia.com/advisories/19364 Patch Vendor Advisory
http://secunia.com/advisories/19644 Patch Vendor Advisory
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz Patch
http://www.debian.org/security/2006/dsa-1019 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-979 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-982 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-983 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-984 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-998 Patch Vendor Advisory
http://www.osvdb.org/23834
http://www.securityfocus.com/bid/16748
https://usn.ubuntu.com/270-1/
http://secunia.com/advisories/18948 Patch Vendor Advisory
http://secunia.com/advisories/19021 Patch Vendor Advisory
http://secunia.com/advisories/19065 Patch Vendor Advisory
http://secunia.com/advisories/19091 Patch Vendor Advisory
http://secunia.com/advisories/19164 Patch Vendor Advisory
http://secunia.com/advisories/19364 Patch Vendor Advisory
http://secunia.com/advisories/19644 Patch Vendor Advisory
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz Patch
http://www.debian.org/security/2006/dsa-1019 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-979 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-982 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-983 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-984 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-998 Patch Vendor Advisory
http://www.osvdb.org/23834
http://www.securityfocus.com/bid/16748
https://usn.ubuntu.com/270-1/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:gpdf:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.3.8:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.3.9:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.3.11:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.4:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:libextractor:libextractor:0.5:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
History

21 Nov 2024, 00:08

Type Values Removed Values Added
References () http://secunia.com/advisories/18948 - Patch, Vendor Advisory () http://secunia.com/advisories/18948 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19021 - Patch, Vendor Advisory () http://secunia.com/advisories/19021 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19065 - Patch, Vendor Advisory () http://secunia.com/advisories/19065 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19091 - Patch, Vendor Advisory () http://secunia.com/advisories/19091 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19164 - Patch, Vendor Advisory () http://secunia.com/advisories/19164 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19364 - Patch, Vendor Advisory () http://secunia.com/advisories/19364 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19644 - Patch, Vendor Advisory () http://secunia.com/advisories/19644 - Patch, Vendor Advisory
References () http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz - Patch () http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz - Patch
References () http://www.debian.org/security/2006/dsa-1019 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1019 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-979 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-979 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-982 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-982 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-983 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-983 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-984 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-984 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-998 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-998 - Patch, Vendor Advisory
References () http://www.osvdb.org/23834 - () http://www.osvdb.org/23834 -
References () http://www.securityfocus.com/bid/16748 - () http://www.securityfocus.com/bid/16748 -
References () https://usn.ubuntu.com/270-1/ - () https://usn.ubuntu.com/270-1/ -
Information

Published : 2006-03-15 19:06

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1244

Mitre link : CVE-2006-1244

CVE.ORG link : CVE-2006-1244

JSON object : View

Products Affected

gnome

  • gpdf

libextractor

  • libextractor

debian

  • debian_linux

xpdf

  • xpdf
CWE
NVD-CWE-Other