Vulnerabilities > CVE-2006-0301 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdf

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Vulnerable Configurations

Part Description Count
Application
Xpdf
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_432BF98D9E2511DAB410000E0C2E438A.NASL
    descriptionThe KDE team reports : kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id21419
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21419
    titleFreeBSD : kpdf -- heap based buffer overflow (432bf98d-9e25-11da-b410-000e0c2e438a)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0206.NASL
    descriptionUpdated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A heap based buffer overflow bug was discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20900
    published2006-02-14
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20900
    titleRHEL 4 : kdegraphics (RHSA-2006:0206)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200602-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200602-05 (KPdf: Heap based overflow) KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Impact : An attacker could entice a user to open a specially crafted PDF file with Kpdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id20895
    published2006-02-14
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20895
    titleGLSA-200602-05 : KPdf: Heap based overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-103.NASL
    descriptionHeap-based buffer overflow in Splash.cc in poppler, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20881
    published2006-02-11
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20881
    titleFedora Core 4 : poppler-0.4.5-1.1 (2006-103)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-045-09.NASL
    descriptionNew xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20920
    published2006-02-15
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20920
    titleSlackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : xpdf (SSA:2006-045-09)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200602-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200602-04 (Xpdf, Poppler: Heap overflow) Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF splash images with overly large dimensions. Impact : By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id20894
    published2006-02-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20894
    titleGLSA-200602-04 : Xpdf, Poppler: Heap overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-032.NASL
    descriptionHeap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20853
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20853
    titleMandrake Linux Security Advisory : xpdf (MDKSA-2006:032)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0206.NASL
    descriptionUpdated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A heap based buffer overflow bug was discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21986
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21986
    titleCentOS 4 : kdegraphics (CESA-2006:0206)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-030.NASL
    descriptionHeap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20851
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20851
    titleMandrake Linux Security Advisory : poppler (MDKSA-2006:030)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-998.NASL
    descriptionDerek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.
    last seen2020-06-01
    modified2020-06-02
    plugin id22864
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22864
    titleDebian DSA-998-1 : libextractor - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-974.NASL
    descriptionSuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22840
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22840
    titleDebian DSA-974-1 : gpdf - buffer overflows
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-971.NASL
    descriptionSuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22837
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22837
    titleDebian DSA-971-1 : xpdf - buffer overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-031.NASL
    descriptionHeap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id20852
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20852
    titleMandrake Linux Security Advisory : kdegraphics (MDKSA-2006:031)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200602-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200602-12 (GPdf: heap overflows in included Xpdf code) Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact : An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id20962
    published2006-02-22
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20962
    titleGLSA-200602-12 : GPdf: heap overflows in included Xpdf code
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0201.NASL
    descriptionAn updated xpdf package that fixes a buffer overflow security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues. Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
    last seen2020-06-01
    modified2020-06-02
    plugin id21984
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21984
    titleCentOS 4 : xpdf (CESA-2006:0201)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-972.NASL
    descriptionSuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which is also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id22838
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22838
    titleDebian DSA-972-1 : pdfkit.framework - buffer overflows
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0201.NASL
    descriptionAn updated xpdf package that fixes a buffer overflow security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues. Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
    last seen2020-06-01
    modified2020-06-02
    plugin id20898
    published2006-02-14
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20898
    titleRHEL 4 : xpdf (RHSA-2006:0201)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-045-04.NASL
    descriptionNew kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf.
    last seen2020-06-01
    modified2020-06-02
    plugin id20915
    published2006-02-15
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20915
    titleSlackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-249-1.NASL
    descriptionThe splash image handler in xpdf did not check the validity of coordinates. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user. The poppler library and kpdf also contain xpdf code, and thus are affected by the same vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21058
    published2006-03-13
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21058
    titleUbuntu 4.10 / 5.04 / 5.10 : xpdf, poppler, kdegraphics vulnerabilities (USN-249-1)

Oval

accepted2013-04-29T04:09:22.131-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionHeap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
familyunix
idoval:org.mitre.oval:def:10850
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleHeap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
version26

Redhat

advisories
  • bugzilla
    id179046
    titleCVE-2006-0301 PDF splash handling heap overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentxpdf is earlier than 1:3.00-11.12
        ovaloval:com.redhat.rhsa:tst:20060201001
      • commentxpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060201002
    rhsa
    idRHSA-2006:0201
    released2006-02-13
    severityImportant
    titleRHSA-2006:0201: xpdf security update (Important)
  • bugzilla
    id179055
    titleCVE-2006-0301 PDF splash handling heap overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentkdegraphics-devel is earlier than 7:3.3.1-3.7
            ovaloval:com.redhat.rhsa:tst:20060206001
          • commentkdegraphics-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206002
        • AND
          • commentkdegraphics is earlier than 7:3.3.1-3.7
            ovaloval:com.redhat.rhsa:tst:20060206003
          • commentkdegraphics is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206004
    rhsa
    idRHSA-2006:0206
    released2006-02-13
    severityImportant
    titleRHSA-2006:0206: kdegraphics security update (Important)
rpms
  • xpdf-1:3.00-11.12
  • xpdf-debuginfo-1:3.00-11.12
  • kdegraphics-7:3.3.1-3.7
  • kdegraphics-debuginfo-7:3.3.1-3.7
  • kdegraphics-devel-7:3.3.1-3.7

References