CVE-2006-1244

High

Description

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

References

https://usn.ubuntu.com/270-1/

http://www.securityfocus.com/bid/16748

http://www.osvdb.org/23834

http://www.debian.org/security/2006/dsa-998

http://www.debian.org/security/2006/dsa-984

http://www.debian.org/security/2006/dsa-983

http://www.debian.org/security/2006/dsa-982

http://www.debian.org/security/2006/dsa-979

http://www.debian.org/security/2006/dsa-1019

http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz

http://secunia.com/advisories/19644

http://secunia.com/advisories/19364

http://secunia.com/advisories/19164

http://secunia.com/advisories/19091

http://secunia.com/advisories/19065

http://secunia.com/advisories/19021

http://secunia.com/advisories/18948

Details

Source: Mitre, NVD

Published: 2006-03-15

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High