7.6

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.  NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed.  Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGpdf Version2.8.2
LibextractorLibextractor Version0.3.6
LibextractorLibextractor Version0.3.7
LibextractorLibextractor Version0.3.8
LibextractorLibextractor Version0.3.9
LibextractorLibextractor Version0.3.11
LibextractorLibextractor Version0.4
LibextractorLibextractor Version0.4.1
LibextractorLibextractor Version0.4.2
LibextractorLibextractor Version0.5
XpdfXpdf Version0.90
XpdfXpdf Version0.91
XpdfXpdf Version0.92
XpdfXpdf Version0.93
XpdfXpdf Version1.0
XpdfXpdf Version1.0a
XpdfXpdf Version1.1
XpdfXpdf Version2.0
XpdfXpdf Version2.1
XpdfXpdf Version2.2
XpdfXpdf Version2.3
XpdfXpdf Version3.0
XpdfXpdf Version3.0.1
XpdfXpdf Version3.0.1_pl1
XpdfXpdf Version3.0_pl2
XpdfXpdf Version3.0_pl3
DebianDebian Linux Version3.1
DebianDebian Linux Version3.1 Editionalpha
DebianDebian Linux Version3.1 Editionamd64
DebianDebian Linux Version3.1 Editionarm
DebianDebian Linux Version3.1 Editionhppa
DebianDebian Linux Version3.1 Editionia-32
DebianDebian Linux Version3.1 Editionia-64
DebianDebian Linux Version3.1 Editionm68k
DebianDebian Linux Version3.1 Editionmips
DebianDebian Linux Version3.1 Editionmipsel
DebianDebian Linux Version3.1 Editionppc
DebianDebian Linux Version3.1 Editions-390
DebianDebian Linux Version3.1 Editionsparc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.14% 0.796
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18948
Patch
Vendor Advisory
http://secunia.com/advisories/19021
Patch
Vendor Advisory
http://secunia.com/advisories/19065
Patch
Vendor Advisory
http://secunia.com/advisories/19091
Patch
Vendor Advisory
http://secunia.com/advisories/19164
Patch
Vendor Advisory
http://secunia.com/advisories/19364
Patch
Vendor Advisory
http://secunia.com/advisories/19644
Patch
Vendor Advisory
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
Patch
http://www.debian.org/security/2006/dsa-1019
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-979
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-982
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-983
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-984
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-998
Patch
Vendor Advisory
http://www.osvdb.org/23834
http://www.securityfocus.com/bid/16748
https://usn.ubuntu.com/270-1/