CVE-2006-1244: High severity xpdf Xpdf vulnerability
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
Affected Software
Remediation
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Event History
Frequently Asked Questions
What is the severity of CVE-2006-1244?
The severity of CVE-2006-1244 is currently unknown due to unspecified impact and user-assisted attack vectors.
How do I fix CVE-2006-1244?
To fix CVE-2006-1244, update the affected software to the latest versions that do not contain the vulnerability.
Which software versions are affected by CVE-2006-1244?
CVE-2006-1244 affects multiple versions of Xpdf and libextractor, specifically versions after 3.00 and various earlier versions listed in the document.
Can CVE-2006-1244 be exploited remotely?
CVE-2006-1244 may involve user-assisted attack vectors, indicating that while direct remote exploitation is unlikely, the user must engage with malicious content.
What products utilize the vulnerable Xpdf and libextractor versions mentioned in CVE-2006-1244?
Products like pdfkit.framework, gpdf, pdftohtml, and others utilize vulnerable versions of Xpdf and libextractor.