CVE-2006-1244 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1244
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1244

Description: Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-270-1 SAID Secunia Advisory: SA19065 Secunia Advisory: SA19091 Secunia Advisory: SA19021 Secunia Advisory: SA18948 Secunia Advisory: SA19644 Secunia Advisory: SA19364 Secunia Advisory: SA19164 OSVDB 23834 MISC http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz DEBIAN http://www.debian.org/security/2006/dsa-998 http://www.debian.org/security/2006/dsa-1019 http://www.debian.org/security/2006/dsa-984 http://www.debian.org/security/2006/dsa-979 http://www.debian.org/security/2006/dsa-982 http://www.debian.org/security/2006/dsa-983 BID 16748

Return to the previous page.