Vulnerability Name: | CVE-2006-1244 (CCN-29372) | ||||||||||||||||||||||||
Assigned: | 2006-02-27 | ||||||||||||||||||||||||
Published: | 2006-02-27 | ||||||||||||||||||||||||
Updated: | 2018-10-03 | ||||||||||||||||||||||||
Summary: | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. Note: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. | ||||||||||||||||||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C) 5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2006-1244 Source: SECUNIA Type: Patch, Vendor Advisory 18948 Source: SECUNIA Type: Patch, Vendor Advisory 19021 Source: SECUNIA Type: Patch, Vendor Advisory 19065 Source: SECUNIA Type: Patch, Vendor Advisory 19091 Source: SECUNIA Type: Patch, Vendor Advisory 19164 Source: SECUNIA Type: Patch, Vendor Advisory 19364 Source: SECUNIA Type: Patch, Vendor Advisory 19644 Source: MISC Type: Patch http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz Source: DEBIAN Type: Patch, Vendor Advisory DSA-1019 Source: DEBIAN Type: Patch, Vendor Advisory DSA-979 Source: DEBIAN Type: Patch, Vendor Advisory DSA-982 Source: DEBIAN Type: Patch, Vendor Advisory DSA-983 Source: DEBIAN Type: Patch, Vendor Advisory DSA-984 Source: DEBIAN Type: Patch, Vendor Advisory DSA-998 Source: DEBIAN Type: DSA-1019 koffice -- several vulnerabilities Source: DEBIAN Type: DSA-979 pdfkit.framework -- several vulnerabilities Source: DEBIAN Type: DSA-982 gpdf -- several vulnerabilities Source: DEBIAN Type: DSA-983 pdftohtml -- several vulnerabilities Source: DEBIAN Type: DSA-984 xpdf -- several vulnerabilities Source: OSVDB Type: UNKNOWN 23834 Source: CCN Type: OSVDB ID: 23834 Multiple Products Xpdf/kpdf Multiple Unspecified Issues Source: BID Type: UNKNOWN 16748 Source: CCN Type: BID-16748 XPDF Multiple Unspecified Vulnerabilities Source: CCN Type: USN-270-1 xpdf vulnerabilities Source: XF Type: UNKNOWN xpdf-multiple-pdf-bo(29372) Source: UBUNTU Type: UNKNOWN USN-270-1 | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |