CVE-2006-1244
NONE EPSS 79.8%
Published Mar 15, 200620y ago · Modified Jun 16, 20262w ago
Published Mar 15, 2006 20y ago
Last Modified Jun 16, 2026 2w ago
Description
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
Threat Intelligence
EPSS Exploit Probability
79.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 39
| Vendor | Product | Version | Range |
|---|---|---|---|
| gnome | gpdf | 2.8.2 | any |
| libextractor | libextractor | 0.3.6 | any |
| libextractor | libextractor | 0.3.7 | any |
| libextractor | libextractor | 0.3.8 | any |
| libextractor | libextractor | 0.3.9 | any |
| libextractor | libextractor | 0.3.11 | any |
| libextractor | libextractor | 0.4 | any |
| libextractor | libextractor | 0.4.1 | any |
| libextractor | libextractor | 0.4.2 | any |
| libextractor | libextractor | 0.5 | any |
| xpdf | xpdf | 0.90 | any |
| xpdf | xpdf | 0.91 | any |
| xpdf | xpdf | 0.92 | any |
| xpdf | xpdf | 0.93 | any |
| xpdf | xpdf | 1.0 | any |
| xpdf | xpdf | 1.0a | any |
| xpdf | xpdf | 1.1 | any |
| xpdf | xpdf | 2.0 | any |
| xpdf | xpdf | 2.1 | any |
| xpdf | xpdf | 2.2 | any |
| xpdf | xpdf | 2.3 | any |
| xpdf | xpdf | 3.0 | any |
| xpdf | xpdf | 3.0.1 | any |
| xpdf | xpdf | 3.0.1_pl1 | any |
| xpdf | xpdf | 3.0_pl2 | any |
| xpdf | xpdf | 3.0_pl3 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
References 17
- secunia.com http://secunia.com/advisories/18948
- secunia.com http://secunia.com/advisories/19021
- secunia.com http://secunia.com/advisories/19065
- secunia.com http://secunia.com/advisories/19091
- secunia.com http://secunia.com/advisories/19164
- secunia.com http://secunia.com/advisories/19364
- secunia.com http://secunia.com/advisories/19644
- security.debian.org http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
- debian.org http://www.debian.org/security/2006/dsa-1019
- debian.org http://www.debian.org/security/2006/dsa-979
- debian.org http://www.debian.org/security/2006/dsa-982
- debian.org http://www.debian.org/security/2006/dsa-983
- debian.org http://www.debian.org/security/2006/dsa-984
- debian.org http://www.debian.org/security/2006/dsa-998
- osvdb.org http://www.osvdb.org/23834
- securityfocus.com http://www.securityfocus.com/bid/16748
- usn.ubuntu.com https://usn.ubuntu.com/270-1/
Remediation
- secunia.com http://secunia.com/advisories/18948
- secunia.com http://secunia.com/advisories/19021
- secunia.com http://secunia.com/advisories/19065
- secunia.com http://secunia.com/advisories/19091
- secunia.com http://secunia.com/advisories/19164
- secunia.com http://secunia.com/advisories/19364
- secunia.com http://secunia.com/advisories/19644
- security.debian.org http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
- debian.org http://www.debian.org/security/2006/dsa-1019
- debian.org http://www.debian.org/security/2006/dsa-979
- debian.org http://www.debian.org/security/2006/dsa-982
- debian.org http://www.debian.org/security/2006/dsa-983
- debian.org http://www.debian.org/security/2006/dsa-984
- debian.org http://www.debian.org/security/2006/dsa-998