CVE-2006-0301
xpdf - Heap-Based Buffer Overflow in Splash.cc via Crafted Splash Images
Title source: llmDescription
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
References (45)
Core 45
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18707
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0422
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015576
Patch, Vendor Advisory vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18837
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18834
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18983
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/423899/100/0/threaded
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18864
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0389
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18677
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
Patch, Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0201.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18882
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18274
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-974
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-971
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18825
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0206.html
Patch, Vendor Advisory x_refsource_misc
http://www.kde.org/info/security/advisory-20060202-1.txt
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/470
Patch vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18875
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18860
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18908
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18839
Patch vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-249-1
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18862
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=141242
Patch vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19377
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/427990/100/0/threaded
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-972
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18913
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18838
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18826
Scores
EPSS
0.0440
EPSS Percentile
90.2%
Details
CWE
CWE-119
Status
published
Products (1)
xpdf/xpdf
Published
Jan 30, 2006
Tracked Since
Feb 18, 2026