CVE-2006-0301

NONE EPSS 90.1%
Published Jan 30, 2006 (20y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Threat Intelligence

EPSS Exploit Probability: 90.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 1

Vendor   Product   Version   Range
xpdf     xpdf      *         any

References 45

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0206.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18274
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18677
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18707
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18825
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18826
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18834
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18837
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18838
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18839
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18860
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18862
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18864
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18875
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/18882
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18908
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18913
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18983
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19377
    Patch, Vendor Advisory
  • securityreason.com http://securityreason.com/securityalert/470
  • securitytracker.com http://securitytracker.com/id?1015576
    Patch
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
    Patch
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
    Patch
  • debian.org http://www.debian.org/security/2006/dsa-971
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-972
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-974
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
    Patch, Vendor Advisory
  • kde.org http://www.kde.org/info/security/advisory-20060202-1.txt
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0201.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/423899/100/0/threaded
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/427990/100/0/threaded
  • ubuntu.com http://www.ubuntu.com/usn/usn-249-1
    Patch
  • vupen.com http://www.vupen.com/english/advisories/2006/0389
    Vendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2006/0422
    Vendor Advisory
  • bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=141242
  • bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850

Remediation

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2006-0206.html
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18677
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18707
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18825
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18826
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18834
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18837
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18838
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18839
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18860
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18862
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18864
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18882
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18908
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18913
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/18983
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19377
    Patch, Vendor Advisory
  • securitytracker.com http://securitytracker.com/id?1015576
    Patch
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
    Patch
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
    Patch
  • debian.org http://www.debian.org/security/2006/dsa-971
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-972
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-974
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
    Patch, Vendor Advisory
  • kde.org http://www.kde.org/info/security/advisory-20060202-1.txt
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2006-0201.html
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/423899/100/0/threaded
    Patch, Vendor Advisory
  • ubuntu.com http://www.ubuntu.com/usn/usn-249-1
    Patch