Vulnerabilities > CVE-2006-0301 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
Common Weakness Enumeration (CWE)
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_432BF98D9E2511DAB410000E0C2E438A.NASL
description: The KDE team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21419
published: 2006-05-13
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21419
title: FreeBSD : kpdf -- heap based buffer overflow (432bf98d-9e25-11da-b410-000e0c2e438a)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2006-0206.NASL
description: Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A heap based buffer overflow bug was discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20900
published: 2006-02-14
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/20900
title: RHEL 4 : kdegraphics (RHSA-2006:0206)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200602-05.NASL
description: The remote host is affected by the vulnerability described in GLSA-200602-05 (KPdf: Heap based overflow). KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable to a heap based overflow in the splash rasterizer engine. Impact: An attacker could entice a user to open a specially crafted PDF file with Kpdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20895
published: 2006-02-14
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/20895
title: GLSA-200602-05 : KPdf: Heap based overflow

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2006-103.NASL
description: Heap-based buffer overflow in Splash.cc in poppler allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20881
published: 2006-02-11
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20881
title: Fedora Core 4 : poppler-0.4.5-1.1 (2006-103)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2006-045-09.NASL
description: New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20920
published: 2006-02-15
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/20920
title: Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : xpdf (SSA:2006-045-09)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200602-04.NASL
description: The remote host is affected by the vulnerability described in GLSA-200602-04 (Xpdf, Poppler: Heap overflow). Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF splash images with overly large dimensions. Impact: By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20894
published: 2006-02-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20894
title: GLSA-200602-04 : Xpdf, Poppler: Heap overflow

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-032.NASL
description: Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20853
published: 2006-02-05
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20853
title: Mandrake Linux Security Advisory : xpdf (MDKSA-2006:032)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2006-0206.NASL
description: Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A heap based buffer overflow bug was discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21986
published: 2006-07-05
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21986
title: CentOS 4 : kdegraphics (CESA-2006:0206)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-030.NASL
description: Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20851
published: 2006-02-05
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20851
title: Mandrake Linux Security Advisory : poppler (MDKSA-2006:030)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-998.NASL
description: Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22864
published: 2006-10-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22864
title: Debian DSA-998-1 : libextractor - several vulnerabilities

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-974.NASL
description: SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22840
published: 2006-10-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22840
title: Debian DSA-974-1 : gpdf - buffer overflows

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-971.NASL
description: SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22837
published: 2006-10-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22837
title: Debian DSA-971-1 : xpdf - buffer overflow

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-031.NASL
description: Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20852
published: 2006-02-05
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20852
title: Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:031)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200602-12.NASL
description: The remote host is affected by the vulnerability described in GLSA-200602-12 (GPdf: heap overflows in included Xpdf code). Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed the size of the associated bitmap. Impact: An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20962
published: 2006-02-22
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20962
title: GLSA-200602-12 : GPdf: heap overflows in included Xpdf code

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2006-0201.NASL
description: An updated xpdf package that fixes a buffer overflow security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues. Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21984
published: 2006-07-05
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21984
title: CentOS 4 : xpdf (CESA-2006:0201)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-972.NASL
description: SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22838
published: 2006-10-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22838
title: Debian DSA-972-1 : pdfkit.framework - buffer overflows

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2006-0201.NASL
description: An updated xpdf package that fixes a buffer overflow security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue. Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues. Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20898
published: 2006-02-14
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/20898
title: RHEL 4 : xpdf (RHSA-2006:0201)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2006-045-04.NASL
description: New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20915
published: 2006-02-15
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/20915
title: Slackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-249-1.NASL
description: The splash image handler in xpdf did not check the validity of coordinates. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user. The poppler library and kpdf also contain xpdf code, and thus are affected by the same vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21058
published: 2006-03-13
reporter: Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/21058
title: Ubuntu 4.10 / 5.04 / 5.10 : xpdf, poppler, kdegraphics vulnerabilities (USN-249-1)
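The summary and the Gentoo and Ubuntu advisories above all describe the same defect: the splash rasterizer derived a write position from image coordinates and dimensions taken from the PDF and never compared them with the width and height of the destination bitmap. The C program below is an added illustration of that bug class and is not code from xpdf, poppler or Splash.cc: the Bitmap and ImageRect types, the blit functions, and the 16x16 sample rectangle are all constructed here. It shows the unchecked row-offset write next to a clipped version, and computes how far past the heap allocation the unchecked version would write instead of actually performing the out-of-bounds write.

```c
/* Added illustration of the defect class behind CVE-2006-0301: a rasterizer
 * that trusts image coordinates from the document. NOT code from xpdf,
 * poppler or Splash.cc; every type, function and sample value is constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int width, height; uint8_t *data; } Bitmap;   /* 1 byte per pixel */
typedef struct { int x0, y0, w, h; } ImageRect;                 /* decoded from untrusted PDF */

static Bitmap *bitmap_new(int width, int height) {
    Bitmap *bm = malloc(sizeof *bm);
    if (!bm) return NULL;
    bm->width = width;
    bm->height = height;
    bm->data = calloc((size_t)width * (size_t)height, 1);
    if (!bm->data) { free(bm); return NULL; }
    return bm;
}
static void bitmap_free(Bitmap *bm) { if (bm) { free(bm->data); free(bm); } }

/* Vulnerable pattern: the row address comes straight from x0/y0/w/h and nothing
 * compares them with bm->width/height, so a rect whose right or bottom edge is
 * outside the bitmap writes past the heap allocation. */
void blit_unchecked(Bitmap *bm, const ImageRect *r, uint8_t value) {
    for (int y = 0; y < r->h; y++) {
        uint8_t *row = bm->data + (size_t)(r->y0 + y) * (size_t)bm->width + r->x0;
        memset(row, value, (size_t)r->w);  /* overflow if x0+w > width or y0+h > height */
    }
}

/* Bytes blit_unchecked() would write past the end of bm->data for this rect,
 * computed without touching memory; 0 means the write stays in bounds. */
static int64_t overflow_bytes(const Bitmap *bm, const ImageRect *r) {
    int64_t end  = ((int64_t)r->y0 + r->h - 1) * bm->width + (int64_t)r->x0 + r->w;
    int64_t size = (int64_t)bm->width * bm->height;
    return end > size ? end - size : 0;
}

/* Hardened pattern: clip the rect to the bitmap in 64-bit arithmetic (so x0+w
 * cannot wrap) and reject anything that leaves no valid pixel. Returns 0 when
 * something was drawn, -1 when the rect was rejected. */
static int blit_clipped(Bitmap *bm, const ImageRect *r, uint8_t value) {
    if (r->w <= 0 || r->h <= 0) return -1;
    int64_t xa = r->x0 < 0 ? 0 : r->x0, ya = r->y0 < 0 ? 0 : r->y0;
    int64_t xb = (int64_t)r->x0 + r->w, yb = (int64_t)r->y0 + r->h;
    if (xb > bm->width)  xb = bm->width;
    if (yb > bm->height) yb = bm->height;
    if (xa >= xb || ya >= yb) return -1;   /* entirely outside the bitmap */
    for (int64_t y = ya; y < yb; y++)
        memset(bm->data + (size_t)y * (size_t)bm->width + (size_t)xa, value, (size_t)(xb - xa));
    return 0;
}

static size_t count_pixels(const Bitmap *bm, uint8_t value) {
    size_t n = 0, total = (size_t)bm->width * (size_t)bm->height;
    for (size_t i = 0; i < total; i++) n += (bm->data[i] == value);
    return n;
}

/* Constructed scenario: 16x16 bitmap (256 bytes), 16x16 image placed at (8,8),
 * so three quarters of the image fall outside the bitmap. */
static const ImageRect kOversized = { 8, 8, 16, 16 };

/* Bytes the unchecked blit would write past the 256-byte allocation. */
static int64_t demo_overflow_bytes(void) {
    Bitmap bm = { 16, 16, NULL };          /* no pixel store needed: nothing is written */
    return overflow_bytes(&bm, &kOversized);
}

/* Pixels the clipped blit actually paints: only the in-bounds 8x8 quarter. */
static size_t demo_clipped_pixels(void) {
    Bitmap *bm = bitmap_new(16, 16);
    size_t n = 0;
    if (bm && blit_clipped(bm, &kOversized, 0xFF) == 0) n = count_pixels(bm, 0xFF);
    bitmap_free(bm);
    return n;
}

/* 1 if a rect lying wholly outside the bitmap is rejected instead of drawn. */
static int demo_outside_rejected(void) {
    Bitmap *bm = bitmap_new(16, 16);
    ImageRect r = { 100, 0, 4, 4 };
    int rc = bm ? blit_clipped(bm, &r, 0xFF) : 0;
    bitmap_free(bm);
    return rc == -1;
}

int main(void) {
    printf("oversized rect: unchecked blit would write %lld bytes past the end\n",
           (long long)demo_overflow_bytes());
    printf("oversized rect: clipped blit painted %zu pixels; outside rect rejected: %d\n",
           demo_clipped_pixels(), demo_outside_rejected());
    return 0;
}
```

The point of clipping in 64-bit arithmetic rather than checking `x0 + w <= width` in `int` is that a hostile dimension can be chosen so that the sum wraps negative and passes a naive comparison; widening before the comparison and rejecting non-positive sizes closes that path as well as the plain oversize case the advisories describe.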
Oval
accepted: 2013-04-29T04:09:22.131-04:00
class: vulnerability
contributors:
definition_extensions:
description: Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
family: unix
id: oval:org.mitre.oval:def:10850
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
version: 26
Redhat
advisories:
rpms:
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
- http://rhn.redhat.com/errata/RHSA-2006-0206.html
- http://secunia.com/advisories/18274
- http://secunia.com/advisories/18677
- http://secunia.com/advisories/18707
- http://secunia.com/advisories/18825
- http://secunia.com/advisories/18826
- http://secunia.com/advisories/18834
- http://secunia.com/advisories/18837
- http://secunia.com/advisories/18838
- http://secunia.com/advisories/18839
- http://secunia.com/advisories/18860
- http://secunia.com/advisories/18862
- http://secunia.com/advisories/18864
- http://secunia.com/advisories/18875
- http://secunia.com/advisories/18882
- http://secunia.com/advisories/18908
- http://secunia.com/advisories/18913
- http://secunia.com/advisories/18983
- http://secunia.com/advisories/19377
- http://securityreason.com/securityalert/470
- http://securitytracker.com/id?1015576
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
- http://www.debian.org/security/2006/dsa-971
- http://www.debian.org/security/2006/dsa-972
- http://www.debian.org/security/2006/dsa-974
- http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
- http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
- http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
- http://www.kde.org/info/security/advisory-20060202-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
- http://www.redhat.com/support/errata/RHSA-2006-0201.html
- http://www.securityfocus.com/archive/1/423899/100/0/threaded
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.ubuntu.com/usn/usn-249-1
- http://www.vupen.com/english/advisories/2006/0389
- http://www.vupen.com/english/advisories/2006/0422
- https://bugzilla.novell.com/show_bug.cgi?id=141242
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850