CVE-2006-1244

NONE EPSS 79.8%
Published Mar 15, 2006 (20y ago) · Modified Jun 16, 2026 (2w ago)

Description

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Threat Intelligence

EPSS Exploit Probability
79.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 39

Vendor        Product        Version      Range
gnome         gpdf           2.8.2        any
libextractor  libextractor   0.3.6        any
libextractor  libextractor   0.3.7        any
libextractor  libextractor   0.3.8        any
libextractor  libextractor   0.3.9        any
libextractor  libextractor   0.3.11       any
libextractor  libextractor   0.4          any
libextractor  libextractor   0.4.1        any
libextractor  libextractor   0.4.2        any
libextractor  libextractor   0.5          any
xpdf          xpdf           0.90         any
xpdf          xpdf           0.91         any
xpdf          xpdf           0.92         any
xpdf          xpdf           0.93         any
xpdf          xpdf           1.0          any
xpdf          xpdf           1.0a         any
xpdf          xpdf           1.1          any
xpdf          xpdf           2.0          any
xpdf          xpdf           2.1          any
xpdf          xpdf           2.2          any
xpdf          xpdf           2.3          any
xpdf          xpdf           3.0          any
xpdf          xpdf           3.0.1        any
xpdf          xpdf           3.0.1_pl1    any
xpdf          xpdf           3.0_pl2      any
xpdf          xpdf           3.0_pl3      any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any
debian        debian_linux   3.1          any

References 17

  • secunia.com http://secunia.com/advisories/18948
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19021
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19065
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19091
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19164
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19364
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19644
    Patch, Vendor Advisory
  • security.debian.org http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
    Patch
  • debian.org http://www.debian.org/security/2006/dsa-1019
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-979
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-982
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-983
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-984
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-998
    Patch, Vendor Advisory
  • osvdb.org http://www.osvdb.org/23834
  • securityfocus.com http://www.securityfocus.com/bid/16748
  • usn.ubuntu.com https://usn.ubuntu.com/270-1/

Remediation

  • secunia.com http://secunia.com/advisories/18948
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19021
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19065
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19091
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19164
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19364
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/19644
    Patch, Vendor Advisory
  • security.debian.org http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
    Patch
  • debian.org http://www.debian.org/security/2006/dsa-1019
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-979
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-982
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-983
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-984
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-998
    Patch, Vendor Advisory