CVE-2006-0301

high

Description

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850

https://exchange.xforce.ibmcloud.com/vulnerabilities/24391

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046

https://bugzilla.novell.com/show_bug.cgi?id=141242

http://www.vupen.com/english/advisories/2006/0422

http://www.vupen.com/english/advisories/2006/0389

http://www.ubuntu.com/usn/usn-249-1

http://www.securityfocus.com/archive/1/427990/100/0/threaded

http://www.securityfocus.com/archive/1/423899/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2006-0201.html

http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:032

http://www.mandriva.com/security/advisories?name=MDKSA-2006:031

http://www.mandriva.com/security/advisories?name=MDKSA-2006:030

http://www.kde.org/info/security/advisory-20060202-1.txt

http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml

http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml

http://www.debian.org/security/2006/dsa-974

http://www.debian.org/security/2006/dsa-972

http://www.debian.org/security/2006/dsa-971

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

http://securitytracker.com/id?1015576

http://securityreason.com/securityalert/470

http://secunia.com/advisories/19377

http://secunia.com/advisories/18983

http://secunia.com/advisories/18913

http://secunia.com/advisories/18908

http://secunia.com/advisories/18882

http://secunia.com/advisories/18875

http://secunia.com/advisories/18864

http://secunia.com/advisories/18862

http://secunia.com/advisories/18860

http://secunia.com/advisories/18839

http://secunia.com/advisories/18838

http://secunia.com/advisories/18837

http://secunia.com/advisories/18834

http://secunia.com/advisories/18826

http://secunia.com/advisories/18825

http://secunia.com/advisories/18707

http://secunia.com/advisories/18677

http://secunia.com/advisories/18274

http://rhn.redhat.com/errata/RHSA-2006-0206.html

Details

Source: Mitre, NVD

Published: 2006-01-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High