CVE-2006-0301
NONE EPSS 90.1%
Published Jan 30, 2006 (20y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
Threat Intelligence
EPSS Exploit Probability
90.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| xpdf | xpdf | * | any |
References 45
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0206.html
- secunia.com http://secunia.com/advisories/18274
- secunia.com http://secunia.com/advisories/18677
- secunia.com http://secunia.com/advisories/18707
- secunia.com http://secunia.com/advisories/18825
- secunia.com http://secunia.com/advisories/18826
- secunia.com http://secunia.com/advisories/18834
- secunia.com http://secunia.com/advisories/18837
- secunia.com http://secunia.com/advisories/18838
- secunia.com http://secunia.com/advisories/18839
- secunia.com http://secunia.com/advisories/18860
- secunia.com http://secunia.com/advisories/18862
- secunia.com http://secunia.com/advisories/18864
- secunia.com http://secunia.com/advisories/18875
- secunia.com http://secunia.com/advisories/18882
- secunia.com http://secunia.com/advisories/18908
- secunia.com http://secunia.com/advisories/18913
- secunia.com http://secunia.com/advisories/18983
- secunia.com http://secunia.com/advisories/19377
- securityreason.com http://securityreason.com/securityalert/470
- securitytracker.com http://securitytracker.com/id?1015576
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- debian.org http://www.debian.org/security/2006/dsa-971
- debian.org http://www.debian.org/security/2006/dsa-972
- debian.org http://www.debian.org/security/2006/dsa-974
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
- kde.org http://www.kde.org/info/security/advisory-20060202-1.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0201.html
- securityfocus.com http://www.securityfocus.com/archive/1/423899/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
- ubuntu.com http://www.ubuntu.com/usn/usn-249-1
- vupen.com http://www.vupen.com/english/advisories/2006/0389
- vupen.com http://www.vupen.com/english/advisories/2006/0422
- bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=141242
- bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850
Remediation
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0206.html
- secunia.com http://secunia.com/advisories/18677
- secunia.com http://secunia.com/advisories/18707
- secunia.com http://secunia.com/advisories/18825
- secunia.com http://secunia.com/advisories/18826
- secunia.com http://secunia.com/advisories/18834
- secunia.com http://secunia.com/advisories/18837
- secunia.com http://secunia.com/advisories/18838
- secunia.com http://secunia.com/advisories/18839
- secunia.com http://secunia.com/advisories/18860
- secunia.com http://secunia.com/advisories/18862
- secunia.com http://secunia.com/advisories/18864
- secunia.com http://secunia.com/advisories/18882
- secunia.com http://secunia.com/advisories/18908
- secunia.com http://secunia.com/advisories/18913
- secunia.com http://secunia.com/advisories/18983
- secunia.com http://secunia.com/advisories/19377
- securitytracker.com http://securitytracker.com/id?1015576
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- debian.org http://www.debian.org/security/2006/dsa-971
- debian.org http://www.debian.org/security/2006/dsa-972
- debian.org http://www.debian.org/security/2006/dsa-974
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
- kde.org http://www.kde.org/info/security/advisory-20060202-1.txt
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2006-0201.html
- securityfocus.com http://www.securityfocus.com/archive/1/423899/100/0/threaded
- ubuntu.com http://www.ubuntu.com/usn/usn-249-1