FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0301

This CVE name corresponds to:

Entered	Topic
2006-02-15	kpdf -- heap based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-0301 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2006-0301
Phase	Assigned(20060118)

Description

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

References

Source	Reference
MISC	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
CONFIRM	https://bugzilla.novell.com/show_bug.cgi?id=141242
BUGTRAQ	20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow
MISC	http://www.kde.org/info/security/advisory-20060202-1.txt
DEBIAN	DSA-971
DEBIAN	DSA-974
DEBIAN	DSA-972
FEDORA	FLSA:175404
FEDORA	FEDORA-2006-103
GENTOO	GLSA-200602-04
GENTOO	GLSA-200602-05
GENTOO	GLSA-200602-12
MANDRIVA	MDKSA-2006:030
MANDRIVA	MDKSA-2006:031
MANDRIVA	MDKSA-2006:032
REDHAT	RHSA-2006:0201
REDHAT	RHSA-2006:0206
SCO	SCOSA-2006.15
SLACKWARE	SSA:2006-045-04
SLACKWARE	SSA:2006-045-09
UBUNTU	USN-249-1
OVAL	oval:org.mitre.oval:def:10850
VUPEN	ADV-2006-0389
VUPEN	ADV-2006-0422
SECTRACK	1015576
SECUNIA	18677
SECUNIA	18707
SECUNIA	18834
SECUNIA	18875
SECUNIA	18274
SECUNIA	18825
SECUNIA	18826
SECUNIA	18837
SECUNIA	18838
SECUNIA	18860
SECUNIA	18862
SECUNIA	18864
SECUNIA	18882
SECUNIA	18908
SECUNIA	18913
SECUNIA	18983
SECUNIA	19377
SECUNIA	18839
SREASON	470
XF	xpdf-splash-bo(24391)