CVE-2006-1244 : Unspecified vulnerability in certain versions of xpdf after 3.00, as used in var

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Published 2006-03-15 19:06:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-1244

Debian » Debian Linux » Version: 3.1 ARM Edition
cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Hppa Edition
cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Ia-32 Edition
cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Ia-64 Edition
cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Alpha Edition
cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Mips Edition
cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 PPC Edition
cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Amd64 Edition
cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 M68k Edition
cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Mipsel Edition
cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 S-390 Edition
cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1 Sparc Edition
cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
Matching versions
Gnome » Gpdf » Version: 2.8.2
cpe:2.3:a:gnome:gpdf:2.8.2:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.90
cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.0a
cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.1
cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.0
cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.1
cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.91
cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 1.0
cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.3
cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.92
cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 0.93
cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0
cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 2.2
cpe:2.3:a:xpdf:xpdf:2.2:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0 Pl3
cpe:2.3:a:xpdf:xpdf:3.0_pl3:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0 Pl2
cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0.1
cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
Matching versions
Xpdf » Xpdf » Version: 3.0.1 Pl1
cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.3.8
cpe:2.3:a:libextractor:libextractor:0.3.8:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.3.9
cpe:2.3:a:libextractor:libextractor:0.3.9:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.3.6
cpe:2.3:a:libextractor:libextractor:0.3.6:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.3.7
cpe:2.3:a:libextractor:libextractor:0.3.7:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.4
cpe:2.3:a:libextractor:libextractor:0.4:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.4.1
cpe:2.3:a:libextractor:libextractor:0.4.1:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.3.11
cpe:2.3:a:libextractor:libextractor:0.3.11:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.4.2
cpe:2.3:a:libextractor:libextractor:0.4.2:*:*:*:*:*:*:*
Matching versions
Libextractor » Libextractor » Version: 0.5
cpe:2.3:a:libextractor:libextractor:0.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1244

EPSS FAQ

3.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1244

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-1244

http://secunia.com/advisories/19091

Patch;Vendor Advisory
http://www.debian.org/security/2006/dsa-979

Patch;Vendor Advisory
http://secunia.com/advisories/19065

Patch;Vendor Advisory
http://www.debian.org/security/2006/dsa-998

Patch;Vendor Advisory
http://secunia.com/advisories/19164

Patch;Vendor Advisory
http://www.debian.org/security/2006/dsa-982

Patch;Vendor Advisory
http://secunia.com/advisories/19021

Patch;Vendor Advisory
http://www.debian.org/security/2006/dsa-984

Patch;Vendor Advisory
http://secunia.com/advisories/19364

Patch;Vendor Advisory
http://www.osvdb.org/23834
http://www.debian.org/security/2006/dsa-983

Patch;Vendor Advisory
http://secunia.com/advisories/19644

Patch;Vendor Advisory
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz

Patch
https://usn.ubuntu.com/270-1/
http://www.debian.org/security/2006/dsa-1019

Patch;Vendor Advisory
http://www.securityfocus.com/bid/16748
http://secunia.com/advisories/18948

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2006-1244

Products affected by CVE-2006-1244

Exploit prediction scoring system (EPSS) score for CVE-2006-1244

CVSS scores for CVE-2006-1244

References for CVE-2006-1244