7.5

CVE-2006-0301

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XpdfXpdf
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.4% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/archive/1/427990/100/0/threaded
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
Patch
Vendor Advisory
http://secunia.com/advisories/18908
Patch
Vendor Advisory
http://secunia.com/advisories/18913
Patch
Vendor Advisory
http://secunia.com/advisories/19377
Patch
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
Patch
http://rhn.redhat.com/errata/RHSA-2006-0206.html
Patch
Vendor Advisory
http://secunia.com/advisories/18274
Vendor Advisory
http://secunia.com/advisories/18677
Patch
Vendor Advisory
http://secunia.com/advisories/18707
Patch
Vendor Advisory
http://secunia.com/advisories/18825
Patch
Vendor Advisory
http://secunia.com/advisories/18826
Patch
Vendor Advisory
http://secunia.com/advisories/18834
Patch
Vendor Advisory
http://secunia.com/advisories/18837
Patch
Vendor Advisory
http://secunia.com/advisories/18838
Patch
Vendor Advisory
http://secunia.com/advisories/18839
Patch
Vendor Advisory
http://secunia.com/advisories/18860
Patch
Vendor Advisory
http://secunia.com/advisories/18862
Patch
Vendor Advisory
http://secunia.com/advisories/18864
Patch
Vendor Advisory
http://secunia.com/advisories/18875
Vendor Advisory
http://secunia.com/advisories/18882
Patch
Vendor Advisory
http://secunia.com/advisories/18983
Patch
Vendor Advisory
http://securityreason.com/securityalert/470
http://securitytracker.com/id?1015576
Patch
http://www.debian.org/security/2006/dsa-971
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-972
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-974
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
Patch
Vendor Advisory
http://www.kde.org/info/security/advisory-20060202-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0201.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/423899/100/0/threaded
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-249-1
Patch
http://www.vupen.com/english/advisories/2006/0389
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0422
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=141242
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850