ID CVE-2006-1244
Summary Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gpdf:2.8.2
    cpe:2.3:a:gnome:gpdf:2.8.2
  • cpe:2.3:a:libextractor:libextractor:0.3.6
    cpe:2.3:a:libextractor:libextractor:0.3.6
  • cpe:2.3:a:libextractor:libextractor:0.3.7
    cpe:2.3:a:libextractor:libextractor:0.3.7
  • cpe:2.3:a:libextractor:libextractor:0.3.8
    cpe:2.3:a:libextractor:libextractor:0.3.8
  • cpe:2.3:a:libextractor:libextractor:0.3.9
    cpe:2.3:a:libextractor:libextractor:0.3.9
  • cpe:2.3:a:libextractor:libextractor:0.3.11
    cpe:2.3:a:libextractor:libextractor:0.3.11
  • cpe:2.3:a:libextractor:libextractor:0.4
    cpe:2.3:a:libextractor:libextractor:0.4
  • cpe:2.3:a:libextractor:libextractor:0.4.1
    cpe:2.3:a:libextractor:libextractor:0.4.1
  • cpe:2.3:a:libextractor:libextractor:0.4.2
    cpe:2.3:a:libextractor:libextractor:0.4.2
  • cpe:2.3:a:libextractor:libextractor:0.5
    cpe:2.3:a:libextractor:libextractor:0.5
  • cpe:2.3:a:xpdf:xpdf:0.90
    cpe:2.3:a:xpdf:xpdf:0.90
  • cpe:2.3:a:xpdf:xpdf:0.91
    cpe:2.3:a:xpdf:xpdf:0.91
  • cpe:2.3:a:xpdf:xpdf:0.92
    cpe:2.3:a:xpdf:xpdf:0.92
  • cpe:2.3:a:xpdf:xpdf:0.93
    cpe:2.3:a:xpdf:xpdf:0.93
  • cpe:2.3:a:xpdf:xpdf:1.0
    cpe:2.3:a:xpdf:xpdf:1.0
  • cpe:2.3:a:xpdf:xpdf:1.0a
    cpe:2.3:a:xpdf:xpdf:1.0a
  • cpe:2.3:a:xpdf:xpdf:1.1
    cpe:2.3:a:xpdf:xpdf:1.1
  • cpe:2.3:a:xpdf:xpdf:2.0
    cpe:2.3:a:xpdf:xpdf:2.0
  • cpe:2.3:a:xpdf:xpdf:2.1
    cpe:2.3:a:xpdf:xpdf:2.1
  • cpe:2.3:a:xpdf:xpdf:2.2
    cpe:2.3:a:xpdf:xpdf:2.2
  • cpe:2.3:a:xpdf:xpdf:2.3
    cpe:2.3:a:xpdf:xpdf:2.3
  • cpe:2.3:a:xpdf:xpdf:3.0
    cpe:2.3:a:xpdf:xpdf:3.0
  • cpe:2.3:a:xpdf:xpdf:3.0.1
    cpe:2.3:a:xpdf:xpdf:3.0.1
  • cpe:2.3:a:xpdf:xpdf:3.0.1_pl1
    cpe:2.3:a:xpdf:xpdf:3.0.1_pl1
  • cpe:2.3:a:xpdf:xpdf:3.0_pl2
    cpe:2.3:a:xpdf:xpdf:3.0_pl2
  • cpe:2.3:a:xpdf:xpdf:3.0_pl3
    cpe:2.3:a:xpdf:xpdf:3.0_pl3
  • Debian Debian Linux 3.1
    cpe:2.3:o:debian:debian_linux:3.1
  • cpe:2.3:o:debian:debian_linux:3.1:-:alpha
    cpe:2.3:o:debian:debian_linux:3.1:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.1:-:amd64
    cpe:2.3:o:debian:debian_linux:3.1:-:amd64
  • cpe:2.3:o:debian:debian_linux:3.1:-:arm
    cpe:2.3:o:debian:debian_linux:3.1:-:arm
  • cpe:2.3:o:debian:debian_linux:3.1:-:hppa
    cpe:2.3:o:debian:debian_linux:3.1:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.1:-:ia-32
    cpe:2.3:o:debian:debian_linux:3.1:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.1:-:ia-64
    cpe:2.3:o:debian:debian_linux:3.1:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.1:-:m68k
    cpe:2.3:o:debian:debian_linux:3.1:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.1:-:mips
    cpe:2.3:o:debian:debian_linux:3.1:-:mips
  • cpe:2.3:o:debian:debian_linux:3.1:-:mipsel
    cpe:2.3:o:debian:debian_linux:3.1:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.1:-:ppc
    cpe:2.3:o:debian:debian_linux:3.1:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.1:-:s-390
    cpe:2.3:o:debian:debian_linux:3.1:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.1:-:sparc
    cpe:2.3:o:debian:debian_linux:3.1:-:sparc
CVSS
Base: 7.6 (as of 16-03-2006 - 14:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-270-1.NASL
    description Derek Noonburg discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user 'cupsys'). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21234
    published 2006-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21234
    title Ubuntu 4.10 / 5.04 / 5.10 : kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities (USN-270-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1019.NASL
    description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22561
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22561
    title Debian DSA-1019-1 : koffice - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-983.NASL
    description Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in pdftohtml, a utility that translates PDF documents into HTML format.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22849
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22849
    title Debian DSA-983-1 : pdftohtml - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-979.NASL
    description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22845
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22845
    title Debian DSA-979-1 : pdfkit.framework - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-982.NASL
    description Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22848
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22848
    title Debian DSA-982-1 : gpdf - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-984.NASL
    description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite. The old stable distribution (woody) does not seem to be affected.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22850
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22850
    title Debian DSA-984-1 : xpdf - several vulnerabilities
refmap via4
bid 16748
debian
  • DSA-1019
  • DSA-979
  • DSA-982
  • DSA-983
  • DSA-984
  • DSA-998
misc http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
osvdb 23834
secunia
  • 18948
  • 19021
  • 19065
  • 19091
  • 19164
  • 19364
  • 19644
ubuntu USN-270-1
Last major update 05-09-2008 - 17:01
Published 15-03-2006 - 14:06
Last modified 03-10-2018 - 17:36
Back to Top