CVE-2006-0301

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-01-18 CVE Reserved
  • 2006-01-30 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (47)
URL Date SRC
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt 2018-10-19
http://rhn.redhat.com/errata/RHSA-2006-0206.html 2018-10-19
http://secunia.com/advisories/18677 2018-10-19
http://secunia.com/advisories/18707 2018-10-19
http://secunia.com/advisories/18825 2018-10-19
http://secunia.com/advisories/18826 2018-10-19
http://secunia.com/advisories/18834 2018-10-19
http://secunia.com/advisories/18837 2018-10-19
http://secunia.com/advisories/18838 2018-10-19
http://secunia.com/advisories/18839 2018-10-19
http://secunia.com/advisories/18860 2018-10-19
http://secunia.com/advisories/18862 2018-10-19
http://secunia.com/advisories/18864 2018-10-19
http://secunia.com/advisories/18882 2018-10-19
http://secunia.com/advisories/18908 2018-10-19
http://secunia.com/advisories/18913 2018-10-19
http://secunia.com/advisories/18983 2018-10-19
http://secunia.com/advisories/19377 2018-10-19
http://securitytracker.com/id?1015576 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 2018-10-19
http://www.debian.org/security/2006/dsa-971 2018-10-19
http://www.debian.org/security/2006/dsa-972 2018-10-19
http://www.debian.org/security/2006/dsa-974 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml 2018-10-19
http://www.kde.org/info/security/advisory-20060202-1.txt 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0201.html 2018-10-19
http://www.securityfocus.com/archive/1/423899/100/0/threaded 2018-10-19
http://www.ubuntu.com/usn/usn-249-1 2018-10-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Xpdf
Xpdf
*-
Affected