// For flags

CVE-2006-0301

KDE Security Advisory 2006-02-02.1

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-01-18 CVE Reserved
  • 2006-01-30 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (47)
URL Tag Source
http://securityreason.com/securityalert/470 Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=141242 X_refsource_confirm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850 Signature
URL Date SRC
URL Date SRC
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt 2018-10-19
http://rhn.redhat.com/errata/RHSA-2006-0206.html 2018-10-19
http://secunia.com/advisories/18677 2018-10-19
http://secunia.com/advisories/18707 2018-10-19
http://secunia.com/advisories/18825 2018-10-19
http://secunia.com/advisories/18826 2018-10-19
http://secunia.com/advisories/18834 2018-10-19
http://secunia.com/advisories/18837 2018-10-19
http://secunia.com/advisories/18838 2018-10-19
http://secunia.com/advisories/18839 2018-10-19
http://secunia.com/advisories/18860 2018-10-19
http://secunia.com/advisories/18862 2018-10-19
http://secunia.com/advisories/18864 2018-10-19
http://secunia.com/advisories/18882 2018-10-19
http://secunia.com/advisories/18908 2018-10-19
http://secunia.com/advisories/18913 2018-10-19
http://secunia.com/advisories/18983 2018-10-19
http://secunia.com/advisories/19377 2018-10-19
http://securitytracker.com/id?1015576 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 2018-10-19
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 2018-10-19
http://www.debian.org/security/2006/dsa-971 2018-10-19
http://www.debian.org/security/2006/dsa-972 2018-10-19
http://www.debian.org/security/2006/dsa-974 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml 2018-10-19
http://www.kde.org/info/security/advisory-20060202-1.txt 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0201.html 2018-10-19
http://www.securityfocus.com/archive/1/423899/100/0/threaded 2018-10-19
http://www.ubuntu.com/usn/usn-249-1 2018-10-19
URL Date SRC
http://secunia.com/advisories/18274 2018-10-19
http://secunia.com/advisories/18875 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032 2018-10-19
http://www.securityfocus.com/archive/1/427990/100/0/threaded 2018-10-19
http://www.vupen.com/english/advisories/2006/0389 2018-10-19
http://www.vupen.com/english/advisories/2006/0422 2018-10-19
https://access.redhat.com/security/cve/CVE-2006-0301 2006-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1617882 2006-02-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xpdf
Search vendor "Xpdf"
 Xpdf
Search vendor "Xpdf" for product "Xpdf"
*-
Affected