CVE-2006-1244 Information

Description

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Reference

http://secunia.com/advisories/18948
http://secunia.com/advisories/19021
http://secunia.com/advisories/19065
http://secunia.com/advisories/19091
http://secunia.com/advisories/19164
http://secunia.com/advisories/19364
http://secunia.com/advisories/19644
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
http://www.debian.org/security/2006/dsa-1019
http://www.debian.org/security/2006/dsa-979
http://www.debian.org/security/2006/dsa-982
http://www.debian.org/security/2006/dsa-983
http://www.debian.org/security/2006/dsa-984
http://www.debian.org/security/2006/dsa-998
http://www.osvdb.org/23834
http://www.securityfocus.com/bid/16748
https://usn.ubuntu.com/270-1/
