Vulnerability details: VCID-c294-trw2-aaah
Vulnerability ID: VCID-c294-trw2-aaah
Aliases: CVE-2006-0301
Summary: Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
Status: Published
Exploitability: 0.5
Weighted Severity: 8.0
Risk: 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2006:0201
rhas Important https://access.redhat.com/errata/RHSA-2006:0206
epss 0.01724 https://api.first.org/data/v1/epss?cve=CVE-2006-0301
epss 0.01953 https://api.first.org/data/v1/epss?cve=CVE-2006-0301
epss 0.02187 https://api.first.org/data/v1/epss?cve=CVE-2006-0301
epss 0.03084 https://api.first.org/data/v1/epss?cve=CVE-2006-0301
epss 0.0779 https://api.first.org/data/v1/epss?cve=CVE-2006-0301
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617882
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2006-0301
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
http://rhn.redhat.com/errata/RHSA-2006-0206.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0301.json
https://api.first.org/data/v1/epss?cve=CVE-2006-0301
https://bugzilla.novell.com/show_bug.cgi?id=141242
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
http://secunia.com/advisories/18274
http://secunia.com/advisories/18677
http://secunia.com/advisories/18707
http://secunia.com/advisories/18825
http://secunia.com/advisories/18826
http://secunia.com/advisories/18834
http://secunia.com/advisories/18837
http://secunia.com/advisories/18838
http://secunia.com/advisories/18839
http://secunia.com/advisories/18860
http://secunia.com/advisories/18862
http://secunia.com/advisories/18864
http://secunia.com/advisories/18875
http://secunia.com/advisories/18882
http://secunia.com/advisories/18908
http://secunia.com/advisories/18913
http://secunia.com/advisories/18983
http://secunia.com/advisories/19377
http://securityreason.com/securityalert/470
http://securitytracker.com/id?1015576
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850
http://www.debian.org/security/2006/dsa-971
http://www.debian.org/security/2006/dsa-972
http://www.debian.org/security/2006/dsa-974
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
http://www.kde.org/info/security/advisory-20060202-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
http://www.redhat.com/support/errata/RHSA-2006-0201.html
http://www.securityfocus.com/archive/1/423899/100/0/threaded
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.ubuntu.com/usn/usn-249-1
http://www.vupen.com/english/advisories/2006/0389
http://www.vupen.com/english/advisories/2006/0422
1617882 https://bugzilla.redhat.com/show_bug.cgi?id=1617882
350783 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350783
cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*
CVE-2006-0301 https://nvd.nist.gov/vuln/detail/CVE-2006-0301
GLSA-200602-04 https://security.gentoo.org/glsa/200602-04
GLSA-200602-05 https://security.gentoo.org/glsa/200602-05
GLSA-200602-12 https://security.gentoo.org/glsa/200602-12
RHSA-2006:0201 https://access.redhat.com/errata/RHSA-2006:0201
RHSA-2006:0206 https://access.redhat.com/errata/RHSA-2006:0206
USN-249-1 https://usn.ubuntu.com/249-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-0301
Exploit Prediction Scoring System (EPSS)
Percentile: 0.87613
EPSS Score: 0.01724
Published At: Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.