Vulnerability Name:

CVE-2006-1244 (CCN-29372)

Assigned: 2006-02-27
Published: 2006-02-27
Updated: 2018-10-03
Summary: Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.
Note: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2006-1244

Source: SECUNIA
Type: Patch, Vendor Advisory
18948

Source: SECUNIA
Type: Patch, Vendor Advisory
19021

Source: SECUNIA
Type: Patch, Vendor Advisory
19065

Source: SECUNIA
Type: Patch, Vendor Advisory
19091

Source: SECUNIA
Type: Patch, Vendor Advisory
19164

Source: SECUNIA
Type: Patch, Vendor Advisory
19364

Source: SECUNIA
Type: Patch, Vendor Advisory
19644

Source: MISC
Type: Patch
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1019

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-979

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-982

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-983

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-984

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-998

Source: DEBIAN
Type: DSA-1019
koffice -- several vulnerabilities

Source: DEBIAN
Type: DSA-979
pdfkit.framework -- several vulnerabilities

Source: DEBIAN
Type: DSA-982
gpdf -- several vulnerabilities

Source: DEBIAN
Type: DSA-983
pdftohtml -- several vulnerabilities

Source: DEBIAN
Type: DSA-984
xpdf -- several vulnerabilities

Source: OSVDB
Type: UNKNOWN
23834

Source: CCN
Type: OSVDB ID: 23834
Multiple Products Xpdf/kpdf Multiple Unspecified Issues

Source: BID
Type: UNKNOWN
16748

Source: CCN
Type: BID-16748
XPDF Multiple Unspecified Vulnerabilities

Source: CCN
Type: USN-270-1
xpdf vulnerabilities

Source: XF
Type: UNKNOWN
xpdf-multiple-pdf-bo(29372)

Source: UBUNTU
Type: UNKNOWN
USN-270-1

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnome:gpdf:2.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID             Class  Title                    Last Modified
oval:org.debian:def:1019  V      several vulnerabilities  2006-03-24
oval:org.debian:def:984   V      several vulnerabilities  2006-03-02
oval:org.debian:def:983   V      several vulnerabilities  2006-02-28
oval:org.debian:def:982   V      several vulnerabilities  2006-02-27
oval:org.debian:def:979   V      several vulnerabilities  2006-02-17
    gnome gpdf 2.8.2
    libextractor libextractor 0.3.6
    libextractor libextractor 0.3.7
    libextractor libextractor 0.3.8
    libextractor libextractor 0.3.9
    libextractor libextractor 0.3.11
    libextractor libextractor 0.4
    libextractor libextractor 0.4.1
    libextractor libextractor 0.4.2
    libextractor libextractor 0.5
    xpdf xpdf 0.90
    xpdf xpdf 0.91
    xpdf xpdf 0.92
    xpdf xpdf 0.93
    xpdf xpdf 1.0
    xpdf xpdf 1.0a
    xpdf xpdf 1.1
    xpdf xpdf 2.0
    xpdf xpdf 2.1
    xpdf xpdf 2.2
    xpdf xpdf 2.3
    xpdf xpdf 3.0
    xpdf xpdf 3.0.1
    xpdf xpdf 3.0.1_pl1
    xpdf xpdf 3.0_pl2
    xpdf xpdf 3.0_pl3
    debian debian linux 3.1