Vulnerabilities > CVE-2006-1244 - Multiple Unspecified vulnerability in XPDF
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 9 | |
| Application | 16 | |
| OS | 13 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-983.NASL description Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in pdftohtml, a utility that translates PDF documents into HTML format. last seen 2020-06-01 modified 2020-06-02 plugin id 22849 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22849 title Debian DSA-983-1 : pdftohtml - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-979.NASL description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content. last seen 2020-06-01 modified 2020-06-02 plugin id 22845 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22845 title Debian DSA-979-1 : pdfkit.framework - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-270-1.NASL description Derek Noonburg discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS printing system also uses XPDF code to convert PDF files to PostScript. By attempting to print such a crafted PDF file, a remote attacker could execute arbitrary code with the privileges of the printer server (user last seen 2020-06-01 modified 2020-06-02 plugin id 21234 published 2006-04-17 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21234 title Ubuntu 4.10 / 5.04 / 5.10 : kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities (USN-270-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-982.NASL description Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings. last seen 2020-06-01 modified 2020-06-02 plugin id 22848 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22848 title Debian DSA-982-1 : gpdf - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1019.NASL description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite. last seen 2020-06-01 modified 2020-06-02 plugin id 22561 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22561 title Debian DSA-1019-1 : koffice - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-984.NASL description Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite. The old stable distribution (woody) does not seem to be affected. last seen 2020-06-01 modified 2020-06-02 plugin id 22850 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22850 title Debian DSA-984-1 : xpdf - several vulnerabilities
References
- http://secunia.com/advisories/18948
- http://secunia.com/advisories/19021
- http://secunia.com/advisories/19065
- http://secunia.com/advisories/19091
- http://secunia.com/advisories/19164
- http://secunia.com/advisories/19364
- http://secunia.com/advisories/19644
- http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
- http://www.debian.org/security/2006/dsa-1019
- http://www.debian.org/security/2006/dsa-979
- http://www.debian.org/security/2006/dsa-982
- http://www.debian.org/security/2006/dsa-983
- http://www.debian.org/security/2006/dsa-984
- http://www.debian.org/security/2006/dsa-998
- http://www.osvdb.org/23834
- http://www.securityfocus.com/bid/16748
- https://usn.ubuntu.com/270-1/