Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1244

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2006-1244
Last Modified 05 Sep 2008 05:01:24
Published 15 Mar 2006 02:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1244

Summary

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Vulnerable Systems

Operating System

  • Debian Linux 3.1

Application

  • Gnome Gpdf 2.8.2

  • Libextractor 0.3.11

  • Libextractor 0.3.6

  • Libextractor 0.3.7

  • Libextractor 0.3.8

  • Libextractor 0.3.9

  • Libextractor 0.4

  • Libextractor 0.4.1

  • Libextractor 0.4.2

  • Libextractor 0.5

  • Xpdf 0.90

  • Xpdf 0.91

  • Xpdf 0.92

  • Xpdf 0.93

  • Xpdf 1.0

  • Xpdf 1.0a

  • Xpdf 1.1

  • Xpdf 2.0

  • Xpdf 2.1

  • Xpdf 2.2

  • Xpdf 2.3

  • Xpdf 3.0

  • Xpdf 3.0 Pl2

  • Xpdf 3.0 Pl3

  • Xpdf 3.0.1

  • Xpdf 3.0.1 Pl1


References

DEBIAN - DSA-998

DEBIAN - DSA-984

DEBIAN - DSA-983

DEBIAN - DSA-982

DEBIAN - DSA-979

DEBIAN - DSA-1019

MISC - http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz

SECUNIA - 19644

SECUNIA - 19364

SECUNIA - 19164

SECUNIA - 19091

SECUNIA - 19065

SECUNIA - 19021

SECUNIA - 18948

UBUNTU - USN-270-1

BID - 16748

OSVDB - 23834


Last Updated: 27 May 2016 10:41:59