Home > Vulnerability Database > CVE-2006-0301

Mend.io Vulnerability Database

CVE-2006-0301

Date: January 30, 2006

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Severity Score

7.3

Related Resources (48)

Url: http://secunia.com/advisories/18908

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747

Url: http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml

Url: http://secunia.com/advisories/18707

Url: http://secunia.com/advisories/18825

Url: https://bugzilla.novell.com/show_bug.cgi?id=141242

Url: http://secunia.com/advisories/18826

Url: http://securityreason.com/securityalert/470

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683

Url: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt

Url: http://secunia.com/advisories/18864

Url: http://secunia.com/advisories/18983

Url: http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html

Url: http://secunia.com/advisories/18862

Url: http://www.securityfocus.com/archive/1/427990/100/0/threaded

Url: http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml

Url: http://secunia.com/advisories/18274

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24391

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:030

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-0301

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:031

Url: http://www.securityfocus.com/archive/1/423899/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:032

Url: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046

Url: http://www.debian.org/security/2006/dsa-974

Url: http://www.ubuntu.com/usn/usn-249-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850

Url: http://www.debian.org/security/2006/dsa-971

Url: http://secunia.com/advisories/18838

Url: http://secunia.com/advisories/18839

Url: http://secunia.com/advisories/18913

Url: http://secunia.com/advisories/18837

Url: http://www.debian.org/security/2006/dsa-972

Url: http://secunia.com/advisories/18834

Url: http://securitytracker.com/id?1015576

Url: http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml

Url: http://secunia.com/advisories/18677

Url: http://secunia.com/advisories/18875

Url: http://secunia.com/advisories/18882

Url: http://secunia.com/advisories/18860

Url: http://secunia.com/advisories/19377

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0301

Url: http://www.redhat.com/support/errata/RHSA-2006-0201.html

Url: http://www.kde.org/info/security/advisory-20060202-1.txt

Url: http://www.vupen.com/english/advisories/2006/0422

Url: http://www.vupen.com/english/advisories/2006/0389

Url: http://rhn.redhat.com/errata/RHSA-2006-0206.html

Url: https://www.mend.io/vulnerability-database/CVE-2006-0301

Severity Score

7.3

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-0301

Date: January 30, 2006

Severity Score

Related Resources (48)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?