7.6

CVE-2006-1244

EPSS 3.47%
Published 15.03.2006 19:06:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.  NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed.  Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Gpdf Version2.8.2

Libextractor ≫ Libextractor Version0.3.6

Libextractor ≫ Libextractor Version0.3.7

Libextractor ≫ Libextractor Version0.3.8

Libextractor ≫ Libextractor Version0.3.9

Libextractor ≫ Libextractor Version0.3.11

Libextractor ≫ Libextractor Version0.4

Libextractor ≫ Libextractor Version0.4.1

Libextractor ≫ Libextractor Version0.4.2

Libextractor ≫ Libextractor Version0.5

Xpdf ≫ Xpdf Version0.90

Xpdf ≫ Xpdf Version0.91

Xpdf ≫ Xpdf Version0.92

Xpdf ≫ Xpdf Version0.93

Xpdf ≫ Xpdf Version1.0

Xpdf ≫ Xpdf Version1.0a

Xpdf ≫ Xpdf Version1.1

Xpdf ≫ Xpdf Version2.0

Xpdf ≫ Xpdf Version2.1

Xpdf ≫ Xpdf Version2.2

Xpdf ≫ Xpdf Version2.3

Xpdf ≫ Xpdf Version3.0

Xpdf ≫ Xpdf Version3.0.1

Xpdf ≫ Xpdf Version3.0.1_pl1

Xpdf ≫ Xpdf Version3.0_pl2

Xpdf ≫ Xpdf Version3.0_pl3

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version3.1 Editionalpha

Debian ≫ Debian Linux Version3.1 Editionamd64

Debian ≫ Debian Linux Version3.1 Editionarm

Debian ≫ Debian Linux Version3.1 Editionhppa

Debian ≫ Debian Linux Version3.1 Editionia-32

Debian ≫ Debian Linux Version3.1 Editionia-64

Debian ≫ Debian Linux Version3.1 Editionm68k

Debian ≫ Debian Linux Version3.1 Editionmips

Debian ≫ Debian Linux Version3.1 Editionmipsel

Debian ≫ Debian Linux Version3.1 Editionppc

Debian ≫ Debian Linux Version3.1 Editions-390

Debian ≫ Debian Linux Version3.1 Editionsparc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.47%	0.865

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/18948

Patch

Vendor Advisory

http://secunia.com/advisories/19021

Patch

Vendor Advisory

http://secunia.com/advisories/19065

Patch

Vendor Advisory

http://secunia.com/advisories/19091

Patch

Vendor Advisory

http://secunia.com/advisories/19164

Patch

Vendor Advisory

http://secunia.com/advisories/19364

Patch

Vendor Advisory

http://secunia.com/advisories/19644

Patch

Vendor Advisory

http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz

Patch

http://www.debian.org/security/2006/dsa-1019

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-979

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-982

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-983

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-984

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-998

Patch

Vendor Advisory

http://www.osvdb.org/23834

http://www.securityfocus.com/bid/16748

https://usn.ubuntu.com/270-1/

https://nvd.nist.gov/vuln/detail/CVE-2006-1244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1244

EUVD